[Openswan dev] openswan 2.4.8 Klips natt psk on kernel 2.4
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon Jul 23 00:44:37 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Mark-Andre" == Mark-Andre Hopf <mhopf at innominate.com> writes:
Mark-Andre> Oh, and when you use NAT, the non-NATed peer must use
Mark-Andre> '%any' as the remote gateway AND ( aggressive mode OR
Mark-Andre> X.509 certificates instead of PSKs).
PLEASE PLEASE PLEASE.
The word is "RSA signature", not "X.509 certificate".
a) DSA certificates are not supported.
b) you do not need a certificate authority to use RSA signatures.
Sure, windows,*bsd,mac are all too stupid to be able to configure RSA
signatures without a certificate, but that's not our fault.
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBRqQyMoCLcPvd0N1lAQLneQf9HSpW+dlKpAJYfAYz7Yga0oZebJ9eaCzQ
G7fI4RiYJ4AeHLu14k4g7FKhlZmYoPSPho7wgfaZHkAKTl8Orr3EiZ9jm4U2z+ca
uCMDmkBr6KG6nzOOH9FiyM8MiGmbw3s1AFa3Khq6Cy02HMMBVCrHymHdIxUuBS0M
J0mTPvkYABBHpBdtQFYMMmBs7c5SlqN1pK2LbVvuN8tkiC2HH0qzrXgnVLqX/6Kj
vrxh4jirK4yXnYVaecSltoKuLgBxMnohdPYZa/gSwpirRwXa7behBtv86URaWdn2
99qmVve/6D52z3cc/agHr7Uq647PHu3Jh1JykAW+yQSDohJK0fA9qQ==
=5SDh
-----END PGP SIGNATURE-----
More information about the Dev
mailing list