[vpnc-devel] Working on certificate authentication ...
jmvpnc at loplof.de
Fri Aug 25 09:17:25 CEST 2006
On Thu, Aug 24, 2006 at 11:30:11PM +1200, Mattias Nissler wrote:
> No, my configuration doesn't require any certificates. It's just
> xauth-psk which is called group key or something by the Cisco client
> IIRC. The whole thing is very sensitve regarding correct parameters. For
> example, it took me quite some time to figure out that I had to set the
> dh_group parameter to 2. All other values just resulted in failures to
> establish the connection with very few hints about what went wrong.
Well, that's something your admin might want to document: Both, the fact
that you have to set a specific DH group and that even with debugging
basically no feedback is available are due to the fact how aggressive
mode works. It's not something the ipsec-tools authors can improve
Client -> Server: Hello, I'm me and I support the following list of
Oh, and by the way, here is the first data for a dh-group1 exchange
Server: Huh?!? I only support dh-group 2. Well, I won't answer that guy.
PS: Have you gotten hybrid mode to work?
Joerg Mayer <jmayer at loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
More information about the vpnc-devel