From: <ma...@ne...> - 2004-10-23 12:04:59
Here is a finished patch (that can be committed IMO) for Hybrid auth client and IKE frag receiver:
http://ftp.espci.fr/shadow/manu/hyrbid+frag.patch

The IKE frag part is of interest to anyone: by adding ike_frag = on (and building with --enable-frag) in the remote configuration, you are now able to get IPsec traffic going through a broken router that filters fragmented UDP packets. Most DSL routers are broken that way.

In order to use client-side Hybrid auth, you need:

In the remote section:
    my_identifier login "your_login";

In the proposal subsection:
    authentication_method hybrid_rsa_client;

In the psk file:
    your_login your_password

I just have one last problem, but it might not be related to my work: by default, the peer's certificate is validated using /etc/openssl/cert.pem as the CA. Is it something expected?

I'll now work on ISAKMP mode config client capability.

--
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand binary and those who don't.
ma...@ne...