[Openswan Users]

Paul Wouters paul at xelerance.com
Wed May 10 15:55:31 CEST 2006


On Wed, 10 May 2006, Shalini Tadimeti wrote:

> Is there no way that I can authenticate the client
> machine on the basis of my own set of parameters,
> which are defined in a file, for the establishment of
> the IPSEC. I want this authentication for the
> establishment of IPSEC. That is, data should be sent
> before Security Association is established.

Check out the IETF BTNS working group. They are developing
extensions to IPsec/IKE that allow one to go from an
unauthenticated IPsec SA, via channel bindings, to some
externally authenticated IPsec SA.

Paul

> --- Norman Rasmussen <norman at rasmussen.co.za> wrote:
>
> > On 5/10/06, Shalini Tadimeti
> > <shalinitadimeti at yahoo.co.in> wrote:
> > > What if we want to send whole file containing
> > > parameters about the client machine such as version
> > > name and stuff like that. XAUTH can be used only for
> > > username and password, but I want to send lot more
> > > data for the authentication purpose through that file.
> > > That is where I am stuck. I have thought about using
> > > payloads, but even that doesn't seem to be the right
> > > solution.
> > > Can we use either identification payload or private
> > > use payload for this purpose?
> >
> > Then perhaps the best way to do this, would be to establish a full
> > ipsec connection, allowing the client to only connect to an
> > authentication server inside your network.  Then the data can be sent
> > in whatever format you want.   Once the auth server determines that
> > the client is allowed access to other resources, it can change
> > firewall rules to allow this.
> >
> > This is intentionally similar to what MS are starting to support with
> > their VPN connections - i.e. connected, but in a quarantine zone where
> > they can't access the network until they prove they're safe.
> >
> > --
> > - Norman Rasmussen
> >  - Email: norman at rasmussen.co.za
> >  - Home page: http://norman.rasmussen.co.za/
> >

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
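
The quarantine approach from Norman's quoted message, sketched as an added example that is not part of the original thread or of Openswan: the gateway first limits a new tunnel to the auth server, and the auth server releases the client only after checking the parameter file it sent. The policy keys, addresses and JSON report format are assumptions made for illustration; the rules are returned as argument lists rather than executed.

```python
import ipaddress
import json

# Assumed values, constructed for this example.
POLICY = {"os_version": "5.1", "av_signatures": "2006.05.01"}
AUTH_SERVER = "10.0.0.10"     # hypothetical auth server address
INTERNAL_NET = "10.0.0.0/16"  # hypothetical protected network


def _ver(value):
    """Turn '5.1.2' into (5, 1, 2) so versions compare numerically."""
    return tuple(int(part) for part in str(value).split("."))


def evaluate(report_json):
    """Return the sorted policy keys that the client's report fails."""
    try:
        report = json.loads(report_json)
    except ValueError:
        return sorted(POLICY)  # unparsable report fails everything
    if not isinstance(report, dict):
        return sorted(POLICY)
    failures = []
    for key, minimum in POLICY.items():
        try:
            if _ver(report[key]) < _ver(minimum):
                failures.append(key)
        except (KeyError, ValueError):
            failures.append(key)  # missing or malformed value fails closed
    return sorted(failures)


def quarantine_rules(client_ip):
    """Rules for a freshly established tunnel: auth server only."""
    ip = str(ipaddress.ip_address(client_ip))  # rejects anything but an IP
    return [
        ["iptables", "-A", "FORWARD", "-s", ip, "-d", AUTH_SERVER, "-j", "ACCEPT"],
        ["iptables", "-A", "FORWARD", "-s", ip, "-j", "DROP"],
    ]


def decide(client_ip, report_json):
    """Return (failures, release_rules); rules are empty on any failure."""
    ip = str(ipaddress.ip_address(client_ip))
    failures = evaluate(report_json)
    if failures:
        return failures, []
    # Inserted at position 1 so it is matched before the quarantine DROP.
    return [], [["iptables", "-I", "FORWARD", "1", "-s", ip,
                 "-d", INTERNAL_NET, "-j", "ACCEPT"]]
```

The client address passed to `decide` should be the tunnel's inner source address as seen by the auth server, not a value taken from the report, since the report is client-controlled.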