NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Tunneling in NetBSD
On Mon, Nov 16, 2020 at 03:50:21PM +0200, Andreas Gustafsson wrote:
> Greg Troxel wrote:
> > My suggestion is openvpn.
> [...]
> > You do need to set up certificates
>
> Not if you use the static key encryption mode.
Whilst this is correct the OP did mention android which could mean a mobile device
on the internet. In this case, certificate based identity is the simplest and most
secure way of identifying the end points.
Years ago I used NetBSD to configure a vpn end point for a clint, I used hybrid
xauth which was a combination of a certificate as well as username/password that
allowed two classes of access to the network, one being restricted to certain
services and another admin role that had broader access. The clients were mostly
windows pcs.
Certainly, start with preshared keys to get the basic vpn config working even if you
plan something more complex, debugging a psk setup is comparatively easy. Once psk
is working switch the auth to what is desired to debug that.
--
Brett Lymn
--
Sent from my NetBSD device.
"We are were wolves",
"You mean werewolves?",
"No we were wolves, now we are something else entirely",
"Oh"
Home |
Main Index |
Thread Index |
Old Index