I would like to be able to wildcard psk definitions.
As Timo said before, this is like shared passwords (in fact it is exactly that). And as such is therefore a Bad Thing(tm).
I agree - but
a) I am building a solution that interoperates with lots of different platforms
Some of those platforms support this. For Windows the psk is part of the 'remote' definition and the remote definitions can be scoped on the same level as sa can be (see other thread about changing racoon's remote scope).
b) One of the use cases is to have psk as a fallback.
This is for transport mode. I want wire encryption. Having a shared psk is not ideal but at least I get wire encryption.
And I cannot set up thousands of individual psks (which is what I would need to do).