From: <ma...@ne...> - 2005-04-11 21:10:55
Marcus D. Leech <ml...@no...> wrote:

> > I'm using NATT, DPD, HYBRID_RSA in aggressive mode, with MODE_CFG
> > and RADIUS support, with a certificate on the server/gateway end.
> > I'm running kernel 2.6.11.6 on both ends.
> >
> > It all seems to work OK--haven't tested it exhaustively, but it appears to
> > be in no worse shape than HEAD from last week.
> >
> > How do I turn on client-end certificates in xauth/hybrid, instead of RADIUS
> > (just for testing)?

Hybrid auth is made for having a certificate on the server and nothing on the client. If you have certificates on the client, this is not hybrid auth anymore, it's Xauth + certificate. Both ends will use a certificate, and you'll still have an Xauth login/password. That would be xauth_rsa_server / xauth_rsa_client.

Alternatively, you can use rsasig and have certificates on both sides without Xauth. But if you do that you won't have ISAKMP mode config anymore. This is a bug, and fixing it is on Fred's TODO list :-)

--
Emmanuel Dreyfus
Le cahier de l'admin BSD, 2nd ed., is in all good bookstores
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
ma...@ne...
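
The three client-side choices named in the reply above, shown as a racoon.conf fragment. This is an added example, not part of the original message or taken from the ipsec-tools sources; the gateway address, file names and login are constructed placeholders, and the gateway is assumed to use the matching `xauth_rsa_server` method.

```conf
# Constructed client-side racoon.conf fragment (placeholders throughout).
path certificate "/etc/racoon/certs";

remote 192.0.2.1 {
    exchange_mode aggressive;
    my_identifier asn1dn;

    # Client certificate and private key. Needed for xauth_rsa_client
    # and rsasig; hybrid_rsa_client does not present a client certificate.
    certificate_type x509 "client.crt" "client.key";

    # Validate the gateway certificate in every variant.
    verify_cert on;

    # Xauth login; racoon looks up the password in the pre-shared key
    # file using this login as the key id.
    xauth_login "testuser";

    # ISAKMP mode config. Per the reply above, this is not available
    # when authentication_method is rsasig.
    mode_cfg on;

    nat_traversal on;
    dpd_delay 20;

    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        dh_group 2;

        # hybrid_rsa_client : certificate on the gateway only, plus Xauth
        # xauth_rsa_client  : certificates on both ends, plus Xauth
        # rsasig            : certificates on both ends, no Xauth
        authentication_method xauth_rsa_client;
    }
}
```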