Thanks Vanhu:

could you give me some tips on this knowhow?



--- VANHULLEBUS Yvan <[EMAIL PROTECTED]> wrote:
>
> IPsec with dynamic remote IPs is not as difficult,
> especially with
> racoon's generate_policy option, but you'll need to
> know what you are
> doing: Aggressive mode + PSK is known to be less
> secure than other
> modes, Main mode + PSK can't be done with remote
> dynamic IPs, and Main
> mode + X509 certificates need to have some X509
> certificates
> knowledge...
> 
> 
> But it CAN be done, it is probably NOT the most easy
> way of doing
> things, but it is probably the most secure, the most
> interoperable and
> the most "easy" to administrate when it's in
> production...
> 
> 
> Yvan.
> 
> -- 
> NETASQ - Secure Internet Connectivity
> http://www.netasq.com
> _______________________________________________
> freebsd-security@freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to