From: Atis E. <pr...@ba...> - 2005-07-17 12:56:52
Hi,

File samples/racoon.conf.sample-natt says:
"With NAT-T you shouldn't use PSK. Let's go on with certs."

Why can pre-shared keys be so bad together with NAT-T?

Also, is there any security difference between the cases 1) when we know the client's IP address behind NAT and 2) when we don't, i.e. using "generate_policy on" in the config file (right?)

I'm interested only in PSK-related issues here. This question may not be directly related to ipsec-tools, but there sure is someone who can answer it ;)

Thanks.