[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: pcidevs and isakmpd



I use ISAKMP with my cable modem at home. I have a variable IP address but
there is a way to configure it so that the variable IP address isn't a
factor. Then, I simply use domain names (FQDN) or email address (USER_(_at_)_FQDN)
in a certificate to do the "static" authentication.


Lots of examples available from the FAQ or the links on it.

http://www.openbsd.org/faq/faq13.html

Regards,
Patrick Ethier
patrick_(_at_)_secureops_(_dot_)_com


-----Original Message-----
From: Joerg Bornschein [mailto:joerg_(_at_)_zilium_(_dot_)_de]
Sent: Sunday, July 02, 2000 10:11 AM
To: tech_(_at_)_openbsd_(_dot_)_org
Subject: pcidevs and isakmpd


Hi,

Could someone please add 

vendor AVM		0x1244	AVM AUDIOVISUELLES MKTG

[..]

/* AVM products */
product	AVM	FRITZ_CARD	0x0a00	Fritz!Card ISDN controller


I think thats the right place where it belongs rather than in 
the driver source...


My second topic is more like a feature request:

What do you think about adding support for DNS-Hostnames in
some isakmpd.conf sections ? (e.g. <ISAKMP-peer>/Address)
I know about DNS-spoofing, and I expect you are concerned about
security -- but as far as is understand IPSec it was designed
to handle such problems.
Of course using IP addresses should be the prefered way configuring
your isakmpd -- but allowing hostnames could enable all those many
people not having a static IP addresses setting up VPNs to their
friends (think of Cable or ISDN users).


thanks for listening

  joerg





Visit your host, monkey.org