"Ken Ballou" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Actually, you should be able to configure IPsec to use a "pre-shared secret" > for authentication. > > It takes two to tango. Your Windows system is one endpoint for IPsec. What's > the other? Does your wireless access point implement IPsec? > > You may very well find configuring IPsec to be a headache. You may also > find configuring IPsec to use certificates for authentication (especially > certificates you generate yourself) to be a migraine headache. > > - Ken
Maybe I'm accidentally mixing terms... I assume (which is probably incorrect) that IPsec == 802.1X. What I'm seeing is that on the "Properties" for the connection there is an "Authentication" tab. That tab has a check box to enable 802.1X and allows you to select an EAP type. The default is "Smart Card or other Certificate" but there are other choices "MD5 Challenge" and PEAP. There is a button to configure advanced options which include setting where the certificate come from (smart card or certificate on this computer), setting "Trusted Root Certificates", ect. Using "gpedit.msc" I did see you can set IPsec to a "pre-shared secret" but that only covers authentication with the network not encryption. The problem is that the machines that I have to work with are XP Home machines which, if I remember correctly, doesn't have this file. Hopefully this answers your last questions: I want to encrypt all the data between 3 machines (currently 3 maybe more soon). I have been informed from several places that WEP is not enough because of some fundamental flaws in the protocol (which may not be solved with WPA). I need the process of encrypting the transported data to be as transparent as possible because the reciepients of this system are not "tech savvy". The given budget constraints (or more appropriatley the lack of any funds) the WAP is produced by Linksys ( BEFW11S4), which I don't believe is capable of being an IPsec endpoint. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
