Using shared secret with PGPNet ???

Sandy Harris sandy at storm.ca
Wed Jun 13 22:14:16 EDT 2001


Will Price wrote:

> One does not "use shared secret instead of IKE".  One uses IKE to
> set up the shared secret connection. There is no way to securely use
> IPsec without a control protocol like IKE.

Correct. IKE needs an authentication mechanism. One possibility for that
is shared secrets. In general, using public key authentication is
preferable. One discussion of the issues is:

http://www.freeswan.org/freeswan_trees/freeswan-1.9/doc/config.html#otherconf

I'm the author of that and not entirely happy with it. Suggestions for
improvement, or just asking any questions you have that it doesn't cover,
would be welcome.

> PGPnet VPN has been tested with the OpenBSD IPsec/IKE implementation,
> and it does work. There is probably more information on the web
> somewhere regarding how to configure OpenBSD IPsec. 

There's a HowTo covering links between any two of OpenBSD, Linux FreeS/WAN
and PGPnet:
http://www.rommel.stw.uni-erlangen.de/~hshoexer/ipsec-howto/HOWTO.html
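
How a shared secret works as the authentication method inside IKE rather than as a replacement for it, shown as an added example that is not part of the original message. It follows the pre-shared-key formulas of RFC 2409 (IKEv1), assumes HMAC-SHA1 as the negotiated prf, and uses random bytes as stand-ins for the Diffie-Hellman values plus constructed SA and ID payloads.

```python
import hashlib
import hmac
import os


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed pseudo-random function; HMAC-SHA1 is an assumption of this sketch."""
    return hmac.new(key, data, hashlib.sha1).digest()


def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    # RFC 2409 section 5: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)
    return prf(psk, ni + nr)


def derive_keys(skeyid, g_xy, cky_i, cky_r):
    # SKEYID_d / SKEYID_a / SKEYID_e chain from RFC 2409 section 5
    tail = g_xy + cky_i + cky_r
    d = prf(skeyid, tail + b"\x00")
    a = prf(skeyid, d + tail + b"\x01")
    e = prf(skeyid, a + tail + b"\x02")
    return d, a, e


def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b):
    # HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)


def run_exchange(initiator_psk: bytes, responder_psk: bytes):
    """Simulate the authentication step; returns (authenticated, SKEYID_e)."""
    ni, nr = os.urandom(16), os.urandom(16)        # fresh nonces
    cky_i, cky_r = os.urandom(8), os.urandom(8)    # ISAKMP cookies
    # Stand-ins for g^xi, g^xr and g^xy; no real Diffie-Hellman is done here.
    g_xi, g_xr, g_xy = (os.urandom(128) for _ in range(3))
    sai_b, idii_b = b"constructed-SA-payload", b"constructed-ID-payload"

    sk_i = skeyid_psk(initiator_psk, ni, nr)
    sk_r = skeyid_psk(responder_psk, ni, nr)
    sent = hash_i(sk_i, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b)
    # The responder recomputes HASH_I from its own copy of the secret.
    expected = hash_i(sk_r, g_xi, g_xr, cky_i, cky_r, sai_b, idii_b)
    authenticated = hmac.compare_digest(sent, expected)
    return authenticated, derive_keys(sk_i, g_xy, cky_i, cky_r)[2]


if __name__ == "__main__":
    print(run_exchange(b"constructed secret", b"constructed secret")[0])
    print(run_exchange(b"constructed secret", b"some other secret")[0])
```

The secret only authenticates the exchange: the keying material still comes from fresh nonces and the Diffie-Hellman result, so it differs on every run even with the same secret.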
