[Vpn-help] PSK client with asn1dn server?
Peter Eisch
peter at boku.net
Fri Sep 15 12:32:36 CDT 2006

On 9/15/06 12:24 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
> Peter Eisch wrote:
>> I changed my testing server back to 'my_identifier asn1dn' and
>> [re]connected with the mutual-psk-xauth config and it connected. Does
>> this make sense? How could the client auth the server? The server
>> seems to go through the motions of doing RSA steps (still not an expert
>> on reading racoon's -ddd output) even though the phase 1 proposal is
>> matched for PSK. Is this intentional or a bug?
>>
>> It would seem to me that the client should make some effort to auth the
>> server given the policy. Oddly I like the behavior, but it doesn't seem
>> to make any sense or could be seen to be a security hole.
>>
>> Bewildered,
>>
>> peter
>>
>
> You have to stop and restart the ipsecc instance for it to pick up the
> config modifications.
>
The client config hasn't changed. I only changed and restarted the server
config. The client is still PSK but the server was changed back to
asn1dn...