NetBSD-Users archive


Re: Tunneling in NetBSD



On Mon, Nov 16, 2020 at 03:50:21PM +0200, Andreas Gustafsson wrote:
> Greg Troxel wrote:
> > My suggestion is openvpn.
> [...]
> > You do need to set up certificates
> 
> Not if you use the static key encryption mode.

Whilst this is correct, the OP did mention Android, which could mean a mobile device
on the internet.  In this case, certificate-based identity is the simplest and most
secure way of identifying the end points.

Years ago I used NetBSD to configure a VPN end point for a client. I used hybrid
xauth, which was a combination of a certificate as well as username/password, that
allowed two classes of access to the network, one being restricted to certain
services and another admin role that had broader access.  The clients were mostly
Windows PCs.

Certainly, start with preshared keys to get the basic VPN config working even if you
plan something more complex; debugging a PSK setup is comparatively easy.  Once PSK
is working, switch the auth to what is desired to debug that.

-- 
Brett Lymn
--
Sent from my NetBSD device.

"We are were wolves",
"You mean werewolves?",
"No we were wolves, now we are something else entirely",
"Oh"

