On Saturday 03 May 2008 14:00, Perry E. Metzger wrote:
> Right now, to use SSH to remotely connect to a machine using public
> keys, all I have to do is type "ssh-keygen" and copy the locally
> generated public key to a remote machine's authorized keys file.
> When there is an IPSEC system that is equally easy to use I'll switch
> to it.

OpenBSD has recently added the ipsecctl command, which greatly simplifies
setting up IPSEC VPNs, especially between OpenBSD machines. A config file
can be as simple as (from the man page):

    ike esp from 192.168.3.1 to 192.168.3.2
    ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2

And the file structure for storing certs, public/private keys, and shared
secrets (which ipsecctl searches automatically) is equally simple.

--
Jeff Simmons [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security

"You guys, I don't hear any noise. Are you sure you're doing it right?"
    -- My Life With The Thrill Kill Kult