[Vpn-help] 1.1 RC1 Bug?

Matthew Grooms mgrooms at shrew.net
Mon Sep 18 23:40:10 CDT 2006


Brian Jones wrote:
> 
> I'll hit Peter up on that part. I found it odd that I can still connect with
> nothing in the String. Granted I can't create a new hybrid xauth connection,
> I can use the already created without a problem.  I wonder if that would be
> the case with an import too, I'll have to try that out.
> 

Brian,

If you are sending an asn1dn id, racoon will not verify it anywhere in 
hybrid mode even with id checking enabled unless there is a ...

peers_identifier asn1dn "<your id>";

... configured. With hybrid mode, there isn't a whole lot of 
verification done by a gateway anyhow as the main authentication is your 
user id and password. Its probably best to use a FQDN and set it on the 
server so at least with Main Mode ( aka Identity protect ), there is a 
bit of added security.

Thanks,

-Matthew



More information about the vpn-help mailing list