On 2023-03-01 08:38, Stuart Henderson wrote:
> On 2023/03/01 14:21, Tobias Heider wrote:
>> On Wed, Mar 01, 2023 at 09:24:50AM -0000, Stuart Henderson wrote:
>>> On 2023-03-01, J Doe <general@nativemethods.com> wrote:
>>>> Hello,
>>>>
>>>> I have a question regarding authentication options in OpenIKED on
>>>> OpenBSD 7.2
>>>>
>>>> On my test lab I have one OpenBSD 7.2 machine with OpenIKED configured
>>>> to use PSK and a macOS 13.2.1 client that can connect to it.
>>>>
>>>> I read in: man iked.conf that PSK should not be used, so I am now
>>>
>>> I don't see that in the iked.conf manual. There is some reference to not
>>> using psk in /etc/examples/iked.conf but it's not clear whether that's
>>> because of the need to share a single psk with all endpoints connecting
>>> via the same iked.conf configuration line (certainly a problem when
>>> you have multiple users from unknown IPs but perhaps not if used for
>>> separately-configured lan-to-lan tunnels with strong randomly generated
>>> psks) or whether it's something else.
>>
>> We should probably remove that comment.
>
> Wondering if we should actually remove the whole examples/iked.conf
> file, it doesn't seem hugely useful..
Hi Stuart and list,
For what it's worth, I found the example to be useful. I know there are
a couple of examples in: man iked.conf, but I generally find when I'm
learning something new more examples are always better than too few.
- J
No comments:
Post a Comment