On 2023 Mar 01 (Wed) at 14:50:08 +0100 (+0100), Tobias Heider wrote:
:On Wed, Mar 01, 2023 at 01:38:24PM +0000, Stuart Henderson wrote:
:> On 2023/03/01 14:21, Tobias Heider wrote:
:> > On Wed, Mar 01, 2023 at 09:24:50AM -0000, Stuart Henderson wrote:
:> > > On 2023-03-01, J Doe <general@nativemethods.com> wrote:
:> > > > Hello,
:> > > >
:> > > > I have a question regarding authentication options in OpenIKED on
:> > > > OpenBSD 7.2
:> > > >
:> > > > On my test lab I have one OpenBSD 7.2 machine with OpenIKED configured
:> > > > to use PSK and a macOS 13.2.1 client that can connect to it.
:> > > >
:> > > > I read in: man iked.conf that PSK should not be used, so I am now
:> > >
:> > > I don't see that in the iked.conf manual. There is some reference to not
:> > > using psk in /etc/examples/iked.conf but it's not clear whether that's
:> > > because of the need to share a single psk with all endpoints connecting
:> > > via the same iked.conf configuration line (certainly a problem when
:> > > you have multiple users from unknown IPs but perhaps not if used for
:> > > separately-configured lan-to-lan tunnels with strong randomly generated
:> > > psks) or whether it's something else.
:> >
:> > We should probably remove that comment.
:>
:> Wondering if we should actually remove the whole examples/iked.conf
:> file, it doesn't seem hugely useful..
:>
:
:I don't think I have ever used it. ok with me if no one objects.
:
I have used examples/iked.conf to get started on my own iked.conf
before. There are a lot of options and it gets confusing very quickly,
especially if you aren't used to building IPSec gateways.
As long as either the man page for iked.conf or /etc/examples/iked.conf
exists with usable example configs, I'm happy.
--
The human race has one really effective weapon, and that is laughter.
-- Mark Twain