Date: Wed, 23 Sep 2015 09:03:40 +0600 From: Victor Sudakov <vas@mpeks.tomsk.su> To: Larry Baird <lab@gta.com>, freebsd-net@freebsd.org Subject: Re: transport mode IPSec with Windows 7, static keys Message-ID: <20150923030340.GB4556@admin.sibptus.tomsk.ru> In-Reply-To: <20150922163845.GB82457@gta.com> References: <115822.44131.97331@localhost> <20150922144246.61965.qmail@mailgate.gta.com> <20150922151003.GA98507@admin.sibptus.tomsk.ru> <20150922163845.GB82457@gta.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Larry Baird wrote: > > > I use IKE when I have to, but would like to use static keys with > > Windows specifically, or at least would like to definitely know if it > > is at all possible or not. > Static keys are too weak from a security stand point. I can imagine situations where static keys are sufficient, or may present a lesser risk than installing third party VPN solutions on Windows. > I have never tried > to configure them on Windows. Sorry I can't help. I configured them between FreeBSD and Cisco, as well as two FreeBSD hosts. The main problem with Windows is that it can have only one key both for encryption and authentication, while setkey requires two different keys to be of different lengths, which is kinda difficult to set up with setkey. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:sudakov@sibptus.tomsk.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150923030340.GB4556>