Date: Wed, 25 Jan 2006 19:23:31 -0800 (PST) From: gahn <ipfreak@yahoo.com> To: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>, freebsd-security@freebsd.org Subject: Re: IPsec, VPN and FreeBSD Message-ID: <20060126032331.96806.qmail@web52112.mail.yahoo.com> In-Reply-To: <20060125142108.GB682@zen.inc>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks Vanhu: could you give me some tips on this knowhow? --- VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> wrote: > > IPsec with dynamic remote IPs is not as difficult, > especially with > racoon's generate_policy option, but you'll need to > know what you are > doing: Aggressive mode + PSK is known to be less > secure than other > modes, Main mode + PSK can't be done with remote > dynamic IPs, and Main > mode + X509 certificates need to have some X509 > certificates > knowledge... > > > But it CAN be done, it is probably NOT the most easy > way of doing > things, but it is probably the most secure, the most > interoperable and > the most "easy" to administrate when it's in > production... > > > Yvan. > > -- > NETASQ - Secure Internet Connectivity > http://www.netasq.com > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060126032331.96806.qmail>