Wednesday, March 01, 2023

Re: Authentication in OpenIKED

On 2023-03-01 04:24, Stuart Henderson wrote:

> On 2023-03-01, J Doe <general@nativemethods.com> wrote:
>> Hello,
>>
>> I have a question regarding authentication options in OpenIKED on
>> OpenBSD 7.2.
>>
>> On my test lab I have one OpenBSD 7.2 machine with OpenIKED configured
>> to use PSK and a macOS 13.2.1 client that can connect to it.
>>
>> I read in: man iked.conf that PSK should not be used, so I am now
>
> I don't see that in the iked.conf manual. There is some reference to not
> using psk in /etc/examples/iked.conf but it's not clear whether that's
> because of the need to share a single psk with all endpoints connecting
> via the same iked.conf configuration line (certainly a problem when
> you have multiple users from unknown IPs but perhaps not if used for
> separately-configured lan-to-lan tunnels with strong randomly generated
> psks) or whether it's something else.

Hi Stuart and list,

Yes, that is correct -- I am wrong about this showing in: man iked.conf.
It's in examples and is the last example given:

/etc/examples/iked.conf
. . .
psk "you-should-not-use-psk-authentication!"

- J
