Hi, I'm working on a product that makes it easier for people to deploy infrastructure on cloud services. I would love to offer a simple VPN that works with built-in OS X/Windows/etc. clients using username/password of some form. Strongswan fits the bill, but the PSK secrets are stored in plaintext.
Here's what I would like to do, and I want to find out from people who are much more knowledgeable than I whether this is feasible and reasonable:

1. End user interacts with our product and provides a username/password for VPN access.
2. Instead of adding username/password to ipsec.secrets as plaintext EAP, add the password as a bcrypt hashed value.
3. Store the new ipsec.secrets as a privately accessible file (say in AWS S3, so the VPN server can just grab the latest file when the server starts up).
4. StrongSwan verifies new connections using the bcrypt hash.

Is this possible to implement? I don't really know how all the IPsec protocols work, so I'm hoping someone here can provide some guidance. Thanks!

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
