Hi all,
I have been using Freeswan for a couple of weeks now. Excellent product and
very good documentation. There are a couple of things though, that I would
like to implement but can't find anything about. I was wondering if some of
you know if these options exist and what kind of (additional)
patches/settings I need to set it up.
First thing is combined authentication of keys and a password. Currently all
I can find is the RSA, the PSK and the X509 option. When using one of these
items for authentication (on for instance a road warrior), all info to
connect to the VPN gateway is stored on the "roadwarrior" laptop. Therefore,
if the laptop would be stolen or broken into, all info to connect to the VPN
gateway would be compromised. To minimize impact of these risks, I am
searching for an authentication method where I can put a password on a
private key, and share the public key with the VPN gateway. Of course, I do
not want to put the password of the private key in the /etc/ipsec.secrets
file (like the X509 patch seems to need), because then, a compromised
roadwarrior laptop would still lead to a compromised VPN link. A pop-up with
a message to enter a password to unlock the private key the moment you are
bringing up the VPN would seem ideal to me. Does anyone know if there is a
solution for something like this?
Second is the connection to the roadwarrior once connected. If I would set up
a connection to the VPN gateway using my roadwarrior configuration, there is
an open network connection to the internal LAN from my roadwarrior. If
someone would break into my laptop, he could hop into the network I have
just opened a VPN connection to. Does anyone know of a setting to shut down
all network connections of the road warrior once connected to the VPN gateway
(except for the nexthop and the VPN itself of course...)?
thanks!
maarten
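For the second question, here is an added example of how a Linux 2.4 road warrior can be locked down with iptables so that only the IPsec tunnel and the IKE/ESP packets carrying it can pass; it is not from the original post or from FreeS/WAN itself. It assumes KLIPS (so cleartext enters and leaves the tunnel through the ipsec0 interface), that the external interface is eth0, and that the gateway address is given on the command line; the script prints the rules so they can be reviewed or tested without root, and is piped into sh to apply them.

```shell
#!/bin/sh
# Lock a FreeS/WAN (KLIPS) road warrior down: default-deny on every chain,
# then permit only loopback, the cleartext side of the tunnel (ipsec0), and
# IKE (UDP/500) plus ESP (IP protocol 50) exchanged with the VPN gateway.
# Interface names and the gateway address are assumptions, not from the post.

# Print the iptables commands for the given gateway address and interfaces.
lockdown_rules() {
    gw="$1"; ext_if="${2:-eth0}"; ipsec_if="${3:-ipsec0}"
    cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# cleartext traffic entering and leaving the tunnel (KLIPS virtual interface)
iptables -A INPUT -i $ipsec_if -j ACCEPT
iptables -A OUTPUT -o $ipsec_if -j ACCEPT
# IKE (UDP/500) with the gateway only
iptables -A OUTPUT -o $ext_if -p udp -d $gw --dport 500 -j ACCEPT
iptables -A INPUT -i $ext_if -p udp -s $gw --sport 500 -j ACCEPT
# ESP (IP protocol 50) with the gateway only
iptables -A OUTPUT -o $ext_if -p 50 -d $gw -j ACCEPT
iptables -A INPUT -i $ext_if -p 50 -s $gw -j ACCEPT
EOF
}

# Usage (as root): sh lockdown.sh <gateway-ip> [ext-if] [ipsec-if] | sh
if [ $# -ge 1 ]; then
    lockdown_rules "$@"
fi
```

Because ARP is not filtered by iptables, reaching the nexthop still works, but DHCP renewals and DNS outside the tunnel are blocked too, so add rules for those if the laptop needs them.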
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST