[Openswan dev] NAT-T and PSK
mcr at sandelman.ottawa.on.ca
Sat Jul 28 10:59:14 EDT 2007
>>>>> "Kabir" == Kabir Ahsan-r9aahw <Ahsan.Kabir at freescale.com> writes:
Kabir> Is there a _working_ ipsec.conf file that shows how to use
Kabir> nat-t and PSK? I know there are some issues with nat-t and
Kabir> PSK but not 100% sure what the issues are. I am trying to
Kabir> set up an IPsec tunnel in net-to-net topology, where one IPsec
Kabir> gateway uses NAT and the other one does not use it.
If you are using openswan to openswan, then why do that?
Use raw RSA keys. It would be simpler for me to set that up for you,
than to explain why NAT-T and PSK fails to be secure.
Kabir> I did some trial and error with a few configuration files but I
Kabir> can't even ensure that IKE negotiation is completed? Can
Kabir> anyone give me any pointer to examples as to how nat-t can be
With RSASIG authentication.
] Bear: "Me, I'm just the shape of a bear." | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
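The setup the reply recommends (raw RSA keys with RSASIG authentication instead of a PSK), sketched here as an added example; it is not part of the original message and is not taken from the Openswan project. It shows the conn as it might appear on the gateway that is not behind NAT. Hostnames, addresses, subnets and key values are constructed placeholders, and `right=%any` assumes the NATed peer's apparent address is not fixed.

```conf
# /etc/ipsec.conf on the gateway with a public address (constructed example)
version 2.0

config setup
    # enable NAT traversal (UDP encapsulation of ESP)
    nat_traversal=yes

conn net-to-net
    # The PSK variant would be:  authby=secret
    # Raw RSA keys, as recommended in the reply:
    authby=rsasig

    # left = this gateway, not behind NAT (placeholder address)
    left=192.0.2.10
    leftid=@gw-a.example.net
    leftsubnet=10.1.0.0/24
    # placeholder; paste the line printed by "ipsec showhostkey --left" on gw-a
    leftrsasigkey=0sPLACEHOLDER_GW_A_PUBLIC_KEY

    # right = the gateway behind NAT; it is identified by its ID and RSA key,
    # not by its source address (assumption: the NAT address is not fixed)
    right=%any
    rightid=@gw-b.example.net
    rightsubnet=10.2.0.0/24
    # placeholder; paste the line printed by "ipsec showhostkey --right" on gw-b
    rightrsasigkey=0sPLACEHOLDER_GW_B_PUBLIC_KEY

    # only respond; the NATed side initiates
    auto=add

# On gw-b (behind NAT) the same conn would differ in three lines:
#     left=192.0.2.10        (the public gateway's real address)
#     right=%defaultroute    (gw-b's own private address)
#     auto=start             (gw-b initiates through the NAT)
```

Each gateway's private key stays in its own `/etc/ipsec.secrets` (generated with `ipsec newhostkey`); only the public halves are exchanged and pasted into the `*rsasigkey` lines.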