[Openswan Users] RSA and RSA with XAUTH at the same machine?
harald.meyer7 at freenet.de
harald.meyer7 at freenet.de
Thu Dec 18 08:30:14 EST 2008
Hi Paul!
> > Ok, I've to discover configuration for Aggressive Mode. (Never
> > interested in before.)
>
> aggrmode=yes
Yes - but it would be useful in separate conn sections, only. But for
using with my RSASIG/Main Mode conns I've to place it into the
default section (like "leftxauthserver=yes" with my XAUTH tests).
And with "aggrmode=yes" in conn %default - who would be
surprised - the common RSASIG/Main Mode road warriors
cause INVALID_ID logs.
Agressive Mode seems to be not working with RSASIG/Main Mode
at the same time/box (like XAUTH, too).
> > (But is it really possible at the same time with RSASIG Main Mode
> > conns?)
>
> It should be possible.
I don't think so (look above).
> > And what's about MITM risks?
>
> If you do not use PSK aggressive mode, you should be fine.
Hmm, ...
Tremendous anyway.
Thanks,
Harald
#adBox3 {display:none;}
More information about the Users
mailing list