[Openswan Users] VPN Question

Peter McGill petermcgill at goco.net
Thu Feb 28 10:12:20 EST 2008


RSA keys are just fine for net-to-net, that's all I use.
I have at present 4 (and growing) offices with static IPs, connected net-to-net in a mesh using RSA keys.
RSA keys in net-to-net are the first example in the doc/ dir of the source tarball.
Certs also use RSA, but take a little more effort to set up and maintain.
The only advantage I can think of with certs over pure RSA in a static net-to-net mesh
is that you can revoke certs if they become insecure/broken/hacked... via the CRL file.
They also expire after a time, which could be good or bad depending on your preferences.
More maintenance, but slightly more security. Plain RSA is good enough though.
 
Peter McGill
 


  _____  

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Mueller, Bernd
Sent: February 28, 2008 9:30 AM
To: Users at openswan.org
Subject: [Openswan Users] VPN Question


Hello,

I've got a question concerning our VPN.

Right now we have got 6 stations which have to tunnel their networks with each other.

So I have got the following networks:
172.16.0.0/16 - 172.21.0.0/16

Everybody should be able to connect more or less to everywhere.

At the moment we use preshared RSA keys in ipsec.secrets and the fingerprint of the keys as ID.

What would be the best possible solution to update this?
Certs of X.509?

Everything I am reading is about roadwarrior, but all I want is net to net.
Perhaps later I will add some laptops which will connect via OpenVPN.

Bernd Mueller
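
The static net-to-net mesh with plain RSA keys discussed in this thread, as an added example that is not part of the original messages or of the Openswan documentation: a generator for the per-gateway conn stanzas covering the six networks 172.16.0.0/16 to 172.21.0.0/16. Site names, gateway addresses, the @...example IDs and the key strings are placeholder assumptions.

```python
"""Emit per-gateway ipsec.conf conn stanzas for a full net-to-net RSA-key mesh."""
import ipaddress
from itertools import combinations

# Constructed inventory. Only the six /16 networks come from the thread;
# names, gateway IPs (RFC 5737 range) and key strings are placeholders.
SITES = [
    {"name": f"site{i + 1}", "gateway": f"192.0.2.{i + 1}",
     "subnet": f"172.{16 + i}.0.0/16", "pubkey": f"0sPLACEHOLDER_SITE{i + 1}_PUBKEY"}
    for i in range(6)
]


def validate(sites):
    """Refuse duplicate names or gateways and overlapping subnets."""
    for field in ("name", "gateway"):
        values = [s[field] for s in sites]
        if len(set(values)) != len(values):
            raise ValueError(f"duplicate {field}")
    for a, b in combinations(sites, 2):
        net_a, net_b = (ipaddress.ip_network(s["subnet"]) for s in (a, b))
        if net_a.overlaps(net_b):
            raise ValueError(f"{a['name']} and {b['name']} subnets overlap")


def conn_stanza(a, b):
    """One tunnel; left/right are arbitrary labels, so both ends can use it."""
    rows = ["authby=rsasig", "auto=start"]
    for side, s in (("left", a), ("right", b)):
        rows += [f"{side}={s['gateway']}", f"{side}id=@{s['name']}.example",
                 f"{side}subnet={s['subnet']}", f"{side}rsasigkey={s['pubkey']}"]
    return f"conn {a['name']}-{b['name']}\n" + "".join(f"    {r}\n" for r in rows)


def mesh_pairs(sites):
    """Every unordered pair of sites: n*(n-1)/2 tunnels."""
    validate(sites)
    return list(combinations(sites, 2))


def config_for(gateway_name, sites):
    """Stanzas to install on one gateway: only the tunnels it terminates."""
    return "\n".join(conn_stanza(a, b) for a, b in mesh_pairs(sites)
                     if gateway_name in (a["name"], b["name"]))


if __name__ == "__main__":
    print(f"# {len(mesh_pairs(SITES))} tunnels in the mesh; site1 terminates:")
    print(config_for("site1", SITES))
```

With plain RSA keys each gateway's file carries the public keys of all five peers, so replacing one site's key means updating the stanzas on every other gateway.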

