FreeS/WAN pre-shared keys
Deven Phillips, CISSP
dphillips at viata.com
Sat May 5 12:40:12 PDT 2001
Jimen,
You need to pre-share the public keys. This is done by taking the
public keys and placing them into your connection settings like so:

conn jching-adtech
    left=%defaultroute
    leftsubnet=192.168.1.0/24
    leftfirewall=yes
    leftrsasigkey=<Your left side public key>
    right=a.b.c.d
    rightsubnet=10.12.0.0/16
    rightfirewall=yes
    rightrsasigkey=<Your right side public key>
    auto=start
    keyingtries=3
    # authenticate with the RSA keys given in the rsasigkey lines above
    authby=rsasig

This is to ensure that the connection is not being spoofed. If you use
internet negotiated keys, there is always the chance that someone could
send you false keys, and then eavesdrop on your session.
Deven Phillips, CISSP
Network Architect
Viata Online, Inc.
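
A small consistency check for conn sections like the one in this message, as an added example that is not part of the original post: it flags rsasigkey values combined with authby=secret (FreeS/WAN uses the RSA keys when authby=rsasig) and keys looked up with %dns instead of being pinned in the file. The conn names and values in the sample are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in ipsec.conf syntax; names and key values are placeholders.
SAMPLE = """\
conn keys-ignored
    left=%defaultroute
    leftrsasigkey=<left public key>
    right=a.b.c.d
    rightrsasigkey=<right public key>
    authby=secret

conn key-from-dns
    leftrsasigkey=<left public key>
    rightrsasigkey=%dns
    authby=rsasig

conn keys-pinned
    leftrsasigkey=<left public key>
    rightrsasigkey=<right public key>
    authby=rsasig
"""

def parse_conns(text):
    """Return {conn name: {parameter: value}} for each conn section."""
    conns, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or comment
        header = re.match(r"conn\s+(\S+)\s*$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                # some other section, e.g. config setup
    return conns

def lint(conns):
    """Return (conn, finding) pairs for key-authentication inconsistencies."""
    findings = []
    for name, p in conns.items():
        keys = [(s, p.get(s + "rsasigkey")) for s in ("left", "right")]
        if p.get("authby") == "secret" and any(k for _, k in keys):
            findings.append((name, "rsasigkey set but authby=secret"))
        for side, key in keys:
            if p.get("authby") == "rsasig" and (key or "").startswith("%dns"):
                findings.append((name, side + "rsasigkey comes from DNS, not pinned"))
    return findings
```

Calling lint(parse_conns(SAMPLE)) reports the first two conns and leaves keys-pinned clean.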