[Openswan Users] tunnel using XAUTH client mode to Cisco 3000 series

David Edmondson dme at dme.org
Fri Jul 9 17:27:28 CEST 2004


* mcr at sandelman.ottawa.on.ca [20040708T173815]:
>   If you use RSA authentication, this whole nonsense goes away.
>   Since RSA authentication is FAR BETTER than username/password, and it
> also scales better, I'd recommend it. If you need a physical token
> as well, you can combine RSA+XAUTH, but this is less commonly done.

It seems that it would be necessary to have RSA keys per-user rather
than a common set, or the same problem would result.  Is this correct?

>   If you are happy with a client-only, single-session system, use
> 'vpnc'. The reports are that it works, is simple enough and needs no
> kernel components.

vpnc works well enough, but the need to re-authenticate every eight
hours is deeply frustrating, especially if one has an active task that
cannot complete in that time.

Thanks again for all of your help.

dme.

