[Openswan dev] NAT-T and PSK

Michael Richardson mcr at sandelman.ottawa.on.ca
Sat Jul 28 10:59:14 EDT 2007


>>>>> "Kabir" == Kabir Ahsan-r9aahw <Ahsan.Kabir at freescale.com> writes:
    Kabir> Hi 
    Kabir> Is there a _working_ ipsec.conf file that shows how to use
    Kabir> nat-t and PSK? I know there are some issues with nat-t and
    Kabir> PSK but not 100% sure what the issues are. I am trying to
    Kabir> set up an IPsec tunnel in net-to-net topology, where one IPsec
    Kabir> gateway uses NAT and the other one does not use it.

  If you are using openswan to openswan, then why do that?
  Use raw RSA keys. It would be simpler for me to set that up for you,
than to explain why NAT-T and PSK fails to be secure.

    Kabir> I did some trial and error with a few configuration files but I
    Kabir> can't even ensure that IKE negotiation is completed. Can
    Kabir> anyone give me any pointer to examples as to how nat-t can be
    Kabir> used?

  With RSASIG authentication.

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [


