From: Aidas K. <a.k...@gm...> - 2005-10-03 06:28:12

Maybe you should use stronger auth, like certs?

Hans-Cees Speel wrote:
> Hi,
>
> At the moment I think racoon reads a psk.key file (configured in
> racoon.conf) and parses the first hit. If the pre-shared key does not
> match it denies the connection.
>
> I was wondering if there is a good reason not to allow this:
>
> Let racoon read a psk.key file, but parse it until the end to see if
> there is a good match. If there is, allow the connection. If this
> means a slight performance hit, you might make this parse behavior
> configurable.
>
> The reason I ask might be obvious to you or not. If it is not here
> are my thoughts:
>
> I want to create a dhcp range where users use wifi. Say
> 192.168.1.0/24. I want to give all users a pre-shared-key to
> authenticate. Users use windows, so we must use main-mode.
> I do not want to assign fixed ip-addresses to users.
> Therefore to be able to do this I must make a key list where
> ip-addresses are the identifier and pre-shared keys the password.
>
> Perhaps there is a way to do this already with dhcp and pre-shared
> keys?
>
> If not this is my feature request.
>
> Hans-Cees
>
> Hans-cees Speel @ http://www.hanscees.com
> Trees @ http://www.bomengids.nl

--
Aidas Kasparas
IT administrator
GM Consult Group, UAB
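
An added example, not part of the thread and not racoon's own code: it contrasts the first-hit lookup described in the quoted message with the requested scan-to-end lookup, and audits a key list for entries a first-hit lookup never reaches and for keys shared across identifiers. The file layout (one `identifier key` pair per line, `#` comments), the function names and the sample data are assumptions made for illustration.

```python
import hmac
from collections import defaultdict

# Constructed sample; identifiers and keys are invented for illustration.
SAMPLE = """\
# identifier    key
192.168.1.10    wifi-shared-secret
192.168.1.11    wifi-shared-secret
192.168.1.10    second-secret
10.0.0.1        site-to-site-secret
"""

def parse_psk(text):
    """Return [(line_no, identifier, key)], skipping blank and comment lines."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            entries.append((no, parts[0], parts[1].strip()))
    return entries

def first_match(entries, ident):
    """Key of the first entry for ident (the lookup the message describes)."""
    return next((k for _, i, k in entries if i == ident), None)

def any_match(entries, ident, offered):
    """Requested behaviour: accept if any entry for ident carries the key."""
    return any(i == ident and hmac.compare_digest(k.encode(), offered.encode())
               for _, i, k in entries)

def audit(entries):
    """Report shadowed lines and identifier groups sharing one key."""
    seen, by_key, shadowed = set(), defaultdict(set), []
    for no, ident, key in entries:
        if ident in seen:
            shadowed.append(no)      # never reached by a first-match lookup
        seen.add(ident)
        by_key[key].add(ident)
    # Return identifiers only, so the report itself does not leak keys.
    shared = [sorted(ids) for ids in by_key.values() if len(ids) > 1]
    return shadowed, shared

if __name__ == "__main__":
    entries = parse_psk(SAMPLE)
    print("first match:", first_match(entries, "192.168.1.10"))
    print("any match  :", any_match(entries, "192.168.1.10", "second-secret"))
    print("audit      :", audit(entries))
```

A key that appears under many identifiers is effectively a group secret: any holder can authenticate as any of those addresses, which is the weakness the certificate suggestion addresses.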