IPsec, VPN and FreeBSD

gahn ipfreak at yahoo.com
Wed Jan 25 19:23:32 PST 2006


Thanks Vanhu:

could you give me some tips on this knowhow?



--- VANHULLEBUS Yvan <vanhu_bsd at zeninc.net> wrote:
>
> IPsec with dynamic remote IPs is not as difficult,
> especially with
> racoon's generate_policy option, but you'll need to
> know what you are
> doing: Aggressive mode + PSK is known to be less
> secure than other
> modes, Main mode + PSK can't be done with remote
> dynamic IPs, and Main
> mode + X509 certificates need to have some X509
> certificates
> knowledge...
> 
> 
> But it CAN be done, it is probably NOT the most easy
> way of doing
> things, but it is probably the most secure, the most
> interoperable and
> the most "easy" to administrate when it's in
> production...
> 
> 
> Yvan.
> 
> -- 
> NETASQ - Secure Internet Connectivity
> http://www.netasq.com
> _______________________________________________
> freebsd-security at freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe at freebsd.org"
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the freebsd-security mailing list