[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: pcidevs and isakmpd

I use ISAKMP with my cable modem at home. I have a variable IP address but
there is a way to configure it so that the variable IP address isn't a
factor. Then, I simply use domain names (FQDN) or email address (USER_(_at_)_FQDN)
in a certificate to do the "static" authentication.

Lots of examples available from the FAQ or the links on it.


Patrick Ethier

-----Original Message-----
From: Joerg Bornschein [mailto:joerg_(_at_)_zilium_(_dot_)_de]
Sent: Sunday, July 02, 2000 10:11 AM
To: tech_(_at_)_openbsd_(_dot_)_org
Subject: pcidevs and isakmpd


Could someone please add 



/* AVM products */
product	AVM	FRITZ_CARD	0x0a00	Fritz!Card ISDN controller

I think thats the right place where it belongs rather than in 
the driver source...

My second topic is more like a feature request:

What do you think about adding support for DNS-Hostnames in
some isakmpd.conf sections ? (e.g. <ISAKMP-peer>/Address)
I know about DNS-spoofing, and I expect you are concerned about
security -- but as far as is understand IPSec it was designed
to handle such problems.
Of course using IP addresses should be the prefered way configuring
your isakmpd -- but allowing hostnames could enable all those many
people not having a static IP addresses setting up VPNs to their
friends (think of Cable or ISDN users).

thanks for listening


Visit your host, monkey.org