From owner-freebsd-net  Thu Nov  7 19: 8:42 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9B8B137B401
	for <freebsd-net@freebsd.org>; Thu,  7 Nov 2002 19:08:39 -0800 (PST)
Received: from web20003.mail.yahoo.com (web20003.mail.yahoo.com [216.136.225.48])
	by mx1.FreeBSD.org (Postfix) with SMTP id 71EC343E3B
	for <freebsd-net@freebsd.org>; Thu,  7 Nov 2002 19:08:39 -0800 (PST)
	(envelope-from vctw@yahoo.com)
Message-ID: <20021108030809.76286.qmail@web20003.mail.yahoo.com>
Received: from [168.95.19.3] by web20003.mail.yahoo.com via HTTP; Thu, 07 Nov 2002 19:08:09 PST
Date: Thu, 7 Nov 2002 19:08:09 -0800 (PST)
From: Vincent Chen <vctw@yahoo.com>
Subject: racoon questions?
To: freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hi, all

I have a ipsec tunnel with 2 freebsd in each end. It
just came to me recently, how safe if racoon accept
anonymous connection? Is it possible that somebody
just create a fake certificate and feed it to racoon,
then got access?

BTW: I didn't check peer's identifier at this time.
Will it be safer to check?


Thanks,



__________________________________________________
Do you Yahoo!?
U2 on LAUNCH - Exclusive greatest hits videos
http://launch.yahoo.com/u2

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message