Re: IPsec, VPN and FreeBSD
- From: VANHULLEBUS Yvan <vanhu_bsd@xxxxxxxxxx>
- Date: Wed, 25 Jan 2006 15:21:08 +0100
On Tue, Jan 24, 2006 at 06:19:15PM -0800, gahn wrote:
[....]
> As to the roaming users, very unlikely there will be
> dial-up line, but those users could be on the road and
> using ISPs to connect to the internal lab. Both sites are
> labs.
>
> I will try the roaming clients<--->freebsd vpn server
> first.

IPsec with dynamic remote IPs is not that difficult, especially with
racoon's generate_policy option, but you'll need to know what you are
doing: Aggressive mode + PSK is known to be less secure than other
modes, Main mode + PSK can't be done with remote dynamic IPs, and Main
mode + X509 certificates requires some knowledge of X509
certificates...

But it CAN be done. It is probably NOT the easiest way of doing
things, but it is probably the most secure, the most interoperable and
the most "easy" to administer when it's in production...

Yvan.
--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
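
The three combinations named in the reply above can be checked mechanically in a racoon.conf. The following is an added example, not part of the original message or of racoon itself: it flags `remote` sections that pair a pre-shared key with aggressive mode, or with main mode for roaming peers. It assumes the `remote anonymous` section is the one serving dynamic-IP clients, and the sample configuration is constructed.

```python
import re

# Constructed sample racoon.conf for illustration (not from the thread).
SAMPLE_CONF = """
remote anonymous {            # matches any peer address, e.g. roaming clients
    exchange_mode aggressive;
    generate_policy on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
remote 192.0.2.10 {           # fixed-address peer
    exchange_mode main;
    proposal { authentication_method pre_shared_key; }
}
"""

def remote_blocks(conf):
    """Yield (peer, body) for each 'remote' section, matching nested braces."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    for m in re.finditer(r"\bremote\s+([^\s{]+)[^{;]*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return (peer, finding) pairs for the PSK combinations the post warns about."""
    findings = []
    for peer, body in remote_blocks(conf):
        m = re.search(r"\bexchange_mode\s+([^;]+);", body)
        modes = {x.strip() for x in m.group(1).split(",")} if m else set()
        auth = set(re.findall(r"\bauthentication_method\s+(\w+)\s*;", body))
        if "pre_shared_key" not in auth:
            continue
        if "aggressive" in modes:
            findings.append((peer, "aggressive mode + PSK"))
        if "main" in modes and peer == "anonymous":
            findings.append((peer, "main mode + PSK for dynamic-IP peers"))
    return findings

if __name__ == "__main__":
    for peer, finding in audit(SAMPLE_CONF):
        print(f"remote {peer}: {finding}")
```

A section using `authentication_method rsasig` in main mode produces no finding, which matches the certificate-based setup the reply recommends.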