On Sunday 14 July 2002 19:41, Craig wrote:
> Hi Lynn,
> I guess what I'm trying to ask is: Would the firewall allow the road
> warrior computer (which has not been set up as an IPSec client)
> access to the LAN...but I think the answer is NO...after all that's
> the purpose of the firewall, right? Duh. But it seems like that's
> what the documentation for FreeS/WAN implies when they talk about
> "opportunistic encryption"...the firewall would TRY to establish
> secure communications with road warrior clients, but if the road
> warrior can't (because it hasn't been set up to do so, etc.)...then
> the firewall would give it LAN access anyway. But like I said, that
> doesn't make sense at all because it completely defeats the purpose
> of having a firewall. I think I have that right, but feel free to
> correct me if I'm "off-base".

Opportunistic authentication uses key-pairs on public DNS servers to
eliminate much of the setup on the IPSec gateway using many
road-warriors. The last I checked, it was still in testing. Unless you
are running a public DNS server, I don't know if you could even set it
up. But in any case, your logic would be correct: a machine must be
running an IPSec client and authenticate with the remote machine to
gain access to any of the remote LAN.

If anyone is actually using this authentication method, feel free to
correct any information that I am not remembering correctly.

-- 
~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
