[Vpn-help] PSK client with asn1dn server?

Matthew Grooms mgrooms at shrew.net
Fri Sep 15 12:24:12 CDT 2006


Peter Eisch wrote:
> I changed my testing server back to 'my_identifier asn1dn' and 
> [re]connected with the mutual-psk-xauth config and it connected.  Does 
> this make sense?  How could the client auth the server?  The server 
> seems to go through the motions of doing RSA steps (still not an expert 
> on reading racoon's -ddd output) even though the phase 1 proposal is 
> matched for PSK.  Is this intentional or a bug?
>  
> It would seem to me that the client should make some effort to auth the 
> server given the policy. Oddly I like the behavior, but it doesn't seem 
> to make any sense or could be seen to be a security hole.
>  
> Bewildered,
>  
> peter
> 

You have to stop and restart the ipsecc instance for it to pick up the 
config modifications.

-Matthew


