Clint Pachl wrote:

On Friday 14 July 2006 15:09, pk.ra wrote:

Does OpenBSD support registering to a safe wireless network
using certificates?


Use IPSec: ipsecctl & isakmpd & RSA pubkeys.

1. Set up flows and SAs in ipsec.conf on both ends
2. Copy public RSA keys to each endpoint in /etc/isakmpd/pubkeys/...
3. Start the key management daemon: isakmpd -K
4. Set up the flows and SAs: ipsecctl -f /etc/ipsec.conf
5. Verify flows and SAs: ipsecctl -sa
6. Configure pf to block all but encrypted traffic

For a simpler setup, you could use pre-shared keys, specified in ipsec.conf, instead of RSA pubkeys.

-pachl


Thanks, I'll try.
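
The steps listed in the reply above, sketched as an added example that is not part of the original thread: a script that renders the ipsec.conf rule (step 1) and a pf ruleset that passes only IKE, ESP and the decrypted traffic on enc0 (step 6), then runs the commands from steps 3 to 5. The addresses (RFC 5737 documentation range), the interface name ath0 and the function names are assumptions; copying the public keys (step 2) is left as described in the post.

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders.
SELF=192.0.2.10      # this host (assumed)
PEER=192.0.2.1       # the other IPsec endpoint (assumed)
WIFI_IF=ath0         # wireless interface (assumed)

# Step 1: one ipsec.conf(5) rule; isakmpd negotiates the ESP SAs and flows.
# Without a "psk" option the peers authenticate with the RSA public keys
# copied in step 2. On the other endpoint, swap the two addresses.
ipsec_conf() {   # usage: ipsec_conf <self> <peer>
    printf 'ike esp from %s to %s\n' "$1" "$2"
}

# Step 6: pf.conf(5) rules that block the wireless interface and enc0,
# then pass only IKE (udp 500/4500), ESP, and traffic that arrived
# through the tunnel (seen on enc0).
pf_rules() {     # usage: pf_rules <if> <self> <peer>
    cat <<EOF
block on $1
block on enc0
pass in  on $1 proto udp from $3 to $2 port { 500, 4500 }
pass out on $1 proto udp from $2 to $3 port { 500, 4500 }
pass in  on $1 proto esp from $3 to $2
pass out on $1 proto esp from $2 to $3
pass in  on enc0 proto ipencap from $3 to $2 keep state (if-bound)
pass out on enc0 proto ipencap from $2 to $3 keep state (if-bound)
pass in  on enc0 from $3 to $2 keep state (if-bound)
pass out on enc0 from $2 to $3 keep state (if-bound)
EOF
}

# Steps 3-5 with the commands given in the post. Run as root on OpenBSD.
apply() {
    umask 077                                   # keep ipsec.conf root-only
    ipsec_conf "$SELF" "$PEER" > /etc/ipsec.conf
    isakmpd -K                                  # step 3
    ipsecctl -f /etc/ipsec.conf                 # step 4
    ipsecctl -sa                                # step 5
    # Step 6: parse the rules without loading them, for review first.
    pf_rules "$WIFI_IF" "$SELF" "$PEER" | pfctl -nf -
}

# Nothing is changed unless the script is called with "apply".
if [ "${1:-}" = apply ]; then apply; fi
```

Once the parsed rules look right, merge them into /etc/pf.conf by hand so that existing rules for other interfaces are not lost.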
