IPsec, VPN and FreeBSD
gahn
ipfreak at yahoo.com
Wed Jan 25 19:23:32 PST 2006
Thanks Vanhu:
could you give me some tips on this knowhow?
--- VANHULLEBUS Yvan <vanhu_bsd at zeninc.net> wrote:
>
> IPsec with dynamic remote IPs is not as difficult,
> especially with
> racoon's generate_policy option, but you'll need to
> know what you are
> doing: Aggressive mode + PSK is known to be less
> secure than other
> modes, Main mode + PSK can't be done with remote
> dynamic IPs, and Main
> mode + X509 certificates need to have some X509
> certificates
> knowledge...
>
>
> But it CAN be done, it is probably NOT the most easy
> way of doing
> things, but it is probably the most secure, the most
> interoperable and
> the most "easy" to administrate when it's in
> production...
>
>
> Yvan.
>
> --
> NETASQ - Secure Internet Connectivity
> http://www.netasq.com
> _______________________________________________
> freebsd-security at freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the freebsd-security
mailing list