[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: pcidevs and isakmpd
- To: "'Joerg Bornschein'" <joerg_(_at_)_zilium_(_dot_)_de>, tech_(_at_)_openbsd_(_dot_)_org
- Subject: RE: pcidevs and isakmpd
- From: Patrick Ethier <patrick_(_at_)_secureops_(_dot_)_com>
- Date: Mon, 3 Jul 2000 10:25:51 -0400
I use ISAKMP with my cable modem at home. I have a variable IP address but
there is a way to configure it so that the variable IP address isn't a
factor. Then, I simply use domain names (FQDN) or email address (USER_(_at_)_FQDN)
in a certificate to do the "static" authentication.
Lots of examples available from the FAQ or the links on it.
From: Joerg Bornschein [mailto:joerg_(_at_)_zilium_(_dot_)_de]
Sent: Sunday, July 02, 2000 10:11 AM
Subject: pcidevs and isakmpd
Could someone please add
vendor AVM 0x1244 AVM AUDIOVISUELLES MKTG
/* AVM products */
product AVM FRITZ_CARD 0x0a00 Fritz!Card ISDN controller
I think thats the right place where it belongs rather than in
the driver source...
My second topic is more like a feature request:
What do you think about adding support for DNS-Hostnames in
some isakmpd.conf sections ? (e.g. <ISAKMP-peer>/Address)
I know about DNS-spoofing, and I expect you are concerned about
security -- but as far as is understand IPSec it was designed
to handle such problems.
Of course using IP addresses should be the prefered way configuring
your isakmpd -- but allowing hostnames could enable all those many
people not having a static IP addresses setting up VPNs to their
friends (think of Cable or ISDN users).
thanks for listening