[Openswan dev] NAT-T and PSK
Michael Richardson
mcr at sandelman.ottawa.on.ca
Sat Jul 28 10:59:14 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Kabir" == Kabir Ahsan-r9aahw <Ahsan.Kabir at freescale.com> writes:
Kabir> Hi
Kabir> Is there a _working_ ipsec.conf file that shows how to use
Kabir> nat-t and PSK? I know there are some issues with nat-t and
Kabir> PSK but not 100% sure what the issues are. I am trying to
Kabir> setup IPsec tunnel in net-to-net topology, where one IPsec
Kabir> gateway uses nat the other one does not use it.
If you are using openswan to openswan, then why do that?
Use raw RSA keys. It wold be simpler for me to set that up for you,
than to explain why NAT-T and PSK fails to be secure.
Kabir> I did some trial and error with few configuration file by I
Kabir> can't even ensure that IKE negotiation is completed? Can
Kabir> anyone give me any pointer to examples as to how nat-t can be
Kabir> used?
With RSASIG authentication.
- --
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBRqtZv4CLcPvd0N1lAQLZFQf/aRJwtGq5NNsz34uI8u+Cc5s42XZKOWXG
ZMeZ5yxlXlSgJWUED40Qbgc3UGZjPIJ3ghuQqKJK+t7LCN4VedXQN0xB7Wt9WYPJ
6kJ/TaiCyDCi4+dC7MB8iEA9sc0V6rCF/q5pwuKzVQTTFgcFMH4XB8ujCJObFz5l
XTClOiz3OwnsUR+KsJnCGRPzfX5GSmY3BgHns0urlRGA8LOSmcml8T5SNaRP+g5j
tRGYIEjDSYuQVYr4/VMY3fQnyALd7A5Kp/XpVzxvc9dxHkamLA54LL/Ou6qr/EgC
ZLKV38WaWYEuGQOZyxMasQCWPHjPCRjFfozFmQywUh62J1ViG7yUvQ==
=P5/p
-----END PGP SIGNATURE-----
More information about the Dev
mailing list