[nycbug-talk] OpenBSD as a VPN device

Miles Nordin carton at Ivy.NET
Thu Jan 10 18:16:20 EST 2008


>>>>> "bas" == Brian A Seklecki <lavalamp at spiritual-machines.org> writes:

   bas> ipsec-tools has made confirmed progress talking to
   bas> hybrid-xauth clients (w/ PAM & RADIUS, etc.) such as Cisco.
   bas> I'm not sure where isakmpd(8) stands, but development is
   bas> equally charged.

hybrid-xauth a.k.a. ``Mutual Group Authentication'' is (correct me if
I'm wrong) the Cisco VPN Dialer feature that arranges things so
individual road warriors don't have enough information loaded into VPN
Dialer configs on their laptops to impersonate the central head-end
server and start collecting the passwords of other employees.

   bas> isakmpd(8) works great for P2P or L2L tunnel subnets, with
   bas> exception of that nasty "IPSEC encapsualtion happens before
   bas> local directly attached subnets are evaluated when unequal
   bas> length subnets are define" bug

the what?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20080110/81186341/attachment.bin>


More information about the talk mailing list