[Vpn-help] PSK client with asn1dn server?

Matthew Grooms mgrooms at shrew.net
Fri Sep 15 12:30:40 CDT 2006


Peter Eisch wrote:
> On 9/15/06 12:24 PM, "Matthew Grooms" <mgrooms at shrew.net> wrote:
> 
>> Peter Eisch wrote:
>>> I changed my testing server back to 'my_identifier asn1dn' and
>>> [re]connected with the mutual-psk-xauth config and it connected.  Does
>>> this make sense?  How could the client auth the server?  The server
>>> seems to go through the motions of doing RSA steps (still not an expert
>>> on reading racoon's -ddd output) even though the phase 1 proposal is
>>> matched for PSK.  Is this intentional or a bug?
>>>  
>>> It would seem to me that the client should make some effort to auth the
>>> server given the policy. Oddly I like the behavior, but it doesn't seem
>>> to make any sense or could be seen to be a security hole.
>>>  
>>> Bewildered,
>>>  
>>> peter
>>>
>> You have to stop and restart the ipsecc instance for it to pick up the
>> config modifications.
>>
> 
> The client config hasn't changed.  I only changed and restarted the server
> config.  The client is still PSK but the server was changed back to
> asn1dn...
> 

Hmmm, I will take a look at this.

-Matthew


