[Openswan Users]

Norman Rasmussen norman at rasmussen.co.za
Wed May 10 13:23:26 CEST 2006


On 5/10/06, Shalini Tadimeti <shalinitadimeti at yahoo.co.in> wrote:
>  What if we want to send whole file containing
> parameters about the client machine such as version
> name and stuff like that.XAUTH can be used only for
> username and password, but I want to send lot more
> data for the authentication purpose through that file.
> That is where I am stuck.I have thought about using
> payloads, but even that doesnt seem to be the right
> solution.
>   Can we use either identification payload or private
> use payload for this purpose?

Then perhaps the best way to do this, would be to establish a full
ipsec connection, allowing the client to only connect to an
authentication server inside your network.  Then the data can be sent
in whatever format you want.   Once the auth server determines that
the client is allowed access to other resources, it can change
firewall rules to allow this.

This is intentionally similar to what MS are starting to support with
their VPN connections - i.e. connected, but in a quarantine zone where
they can't access the network until they prove they're safe.

--
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/


More information about the Users mailing list