[nycbug-talk] OpenBSD as a VPN device
carton at Ivy.NET
Thu Jan 10 18:16:20 EST 2008
>>>>> "bas" == Brian A Seklecki <lavalamp at spiritual-machines.org> writes:
bas> ipsec-tools has made confirmed progress talking to
bas> hybrid-xauth clients (w/ PAM & RADIUS, etc.) such as Cisco.
bas> I'm not sure where isakmpd(8) stands, but development is
bas> equally charged.
hybrid-xauth a.k.a. ``Mutual Group Authentication'' is (correct me if
I'm wrong) the Cisco VPN Dialer feature that arranges things so
individual road warriors don't have enough information loaded into VPN
Dialer configs on their laptops to impersonate the central head-end
server and start collecting the passwords of other employees.
bas> isakmpd(8) works great for P2P or L2L tunnel subnets, with the
bas> exception of that nasty "IPSEC encapsulation happens before
bas> local directly attached subnets are evaluated when unequal
bas> length subnets are defined" bug