[Openswan Users] Is it possible to auth by either psk or rsa?
Brad Peterson
despite at gmail.com
Thu Jul 15 14:54:27 EDT 2010
On Thu, Jul 15, 2010 at 12:19 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Wed, 14 Jul 2010, Brad Peterson wrote:
>
>> The authby section of man ipsec.conf(5) says authby can have a value of
>> 'secret|rsasig' to accept either. I'm running openswan 2.6.25 and
>> get an error using that value: "WARNING: /etc/ipsec.d/l2tp-psk.conf: 2:
>> keyword authby, invalid value: secret|rsasig"
>>
>> I haven't found any mention in the docs, the git commits, or online of
>> this option being removed. Was it replaced with anything?
>>
>
> I think we just never extended the parser for that. I think ideally, we
> would use a new keyword for this situation.
>
> It is a very uncommon scenario, and best avoided btw.
>
> Paul
>
I agree of course, and wish I had another way. But supporting iPhone
clients is a priority, and they don't support certificates for L2TP/IPsec.
I am hoping a dual-auth setup will let us accept iPhone clients, but still
protect other connections from the man-in-the-middle attacks that PSKs
allow.
Am I missing a better way to do this?
Bradley