Re: Tunneling in NetBSD

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Thu, Nov 19, 2020 at 02:18:26PM +1030, Brett Lymn wrote:
> On Thu, Nov 19, 2020 at 07:08:38AM +1030, Brett Lymn wrote:
> > 
> > I will dig up the document I wrote about the setup.  My fuzzy memory is that there
> > were no hacks required.
> 
> Little wonder my memory was fuzzy - I did this 13 years ago.  I found
> the documentation.  I did use a radius server as the backend auth along
> with a self-signed certificate for hybrid rsa-xauth.
> 
> Unfortunately, the document I have not not generic and contains some
> confidential details but I am happy to provide sanitised snippets to
> help out.
> 
> Below is the racoon.conf, if you need to see the radiusd.conf I have
> that too but it is fairly long.
> 
> This is the racoon.conf, there were 3 classes of users, the data entry
> people, admin staff and developers.  The radius server was used to map
> the user to the appropriate class depending on group membership:

thanks, I think this will help. We already have radius servers, so I
should be able to deal with this part. racoon is the problem for me, I
didn't find much documentation about it ...

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--