Lynn Avants ([EMAIL PROTECTED]) had this to say on 02/10/03 at 19:17: > On Monday 10 February 2003 10:58 am, Charles Steinkuehler wrote: > > > I am unaware of any issue that would prevent you from continuing to use > > PSKs after switching to the 509 version of FreeS/WAN. As far as I know, > > PSKs work identically between the "plain" and x.509 patched versions. > > That might be, I thought the packages (after 1.91 anyway) would bomb out > on initiation if the certs weren't loaded (or there) on the x509 package. In
Actually, I have the certs already, and they seem to be loading (which doesn't mean that they *work*, of course :-) And if not, almost certainly my error creating/configuring the certs). I think that if they load without error, I can then use PSKs instead of the certs, if I choose. Or use both, perhaps, depending on the tunnel config. > any case, it would be one less layer of possible problems until it tries to > authenticate using PSK. Hopefully, we'll find out soon. I followed the Shorewall VPN document to the letter, and now will be trying to verify my ipsecrets.conf entries. (left is me, right is them - do I have that right? If so, I have all the entries, except for that rightnexthop .. is that the gateway entry for the other subnet?)
msg12930/pgp00000.pgp
Description: PGP signature