On Saturday 03 May 2008 14:00, Perry E. Metzger wrote:
> Right now, to use SSH to remotely connect to a machine using public
> keys, all I have to do is type "ssh-keygen" and copy the locally
> generated public key to a remote machine's authorized keys file.
> When there is an IPSEC system that is equally easy to use I'll switch
> to it.

OpenBSD has recently added the ipsecctl command, which greatly simplifies 
setting up IPSEC VPNs, especially between OpenBSD machines. A config file can 
be as simple as (from the man page):

ike esp from 192.168.3.1 to 192.168.3.2
ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2

And the file structure for storing certs, public/private keys, and shared 
secrets (which ipsecctl searches automatically) is equally simple.

-- 
Jeff Simmons                                   [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security
"You guys, I don't hear any noise.  Are you sure you're doing it right?"
        --  My Life With The Thrill Kill Kult

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to