Using shared secret with PGPNet ???
Will Price
wprice at cyphers.net
Wed Jun 13 15:41:55 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
One does not "use shared secret instead of IKE". One uses IKE to
set up the shared secret connection. There is no way to securely use
IPsec without a control protocol like IKE.

PGPnet VPN has been tested with the OpenBSD IPsec/IKE implementation,
and it does work. There is probably more information on the web
somewhere regarding how to configure OpenBSD IPsec. To be sure, the
IPsec/IKE code on the OpenBSD side had to be the very latest versions
of everything.

I suggest using Expert mode to configure the gateway in PGPnet. You
will probably need to modify the proposals in the VPN Advanced
settings as well.

Etienne Goyer wrote:
> I am back to PGPNet and trying to have it use shared secret with an
> OpenBSD host set up for IPSec. I have yet to make it work with
> shared secret. The OpenBSD side should be correct as shared secret
> is well supported according to the docs. I am using PGPNet version
> 7.0.3. When I create my connection with the "Add host wizard", I
> choose "First attempt shared secret, then fallback to public
> key...". However, PGPNet log and tcpdump output suggest the PGPNet
> host is going right to IKE for key exchange and doesn't even try
> shared secret.
>
> I must be missing something really simple. How do we force PGPNet
> to use shared secret instead of IKE ??? Any help appreciated.
- --
Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBOyfB4Ky7FkvPc+xMEQJ5gQCg6/Kw2M7YZh9dEbPkXgJMx9SIJcMAnigA
zhoxfO5N6vmLgB6jhOD9Dnrl
=afzM
-----END PGP SIGNATURE-----