On 3/2/23 10:44, Stuart Henderson wrote:
> On 2023/03/01 22:15, A Tammy wrote:
>>>
>>> -# Configuration for clients connecting with EAP authentication.
>>> +# Configuration for clients connecting with EAP authentication
>>> +# and sending all traffic over the IKEv2 tunnel.
>>> # Remember to set
Le Thu, Mar 02, 2023 at 03:44:35PM +, Stuart Henderson a écrit :
> On 2023/03/01 22:15, A Tammy wrote:
> > >
> > > -# Configuration for clients connecting with EAP authentication.
> > > +# Configuration for clients connecting with EAP authentication
> > > +# and sending all traffic over the IKE
On Thu, Mar 02, 2023 at 03:44:35PM +, Stuart Henderson wrote:
> Could add a couple more lines to make that more clear though,
> and give some hints for people who don't know what PKI is - see below.
>
> On 2023/03/02 05:35, Crystal Kolipe wrote:
Well done for the, (possibly unintentional), su
On 2023/03/01 22:15, A Tammy wrote:
> >
> > -# Configuration for clients connecting with EAP authentication.
> > +# Configuration for clients connecting with EAP authentication
> > +# and sending all traffic over the IKEv2 tunnel.
> > # Remember to set up a PKI, see ikectl(8) for more information.
On Wed, Mar 01, 2023 at 04:53:00PM +, Stuart Henderson wrote:
> How about this? Show a strong psk in the example
...
> -#psk "you-should-not-use-psk-authentication!"
> +#psk "tyBNv13zuo3rg1WVXlaI1g1tTYNzwk962mMUYIvaLh2x8vvvyA"
I strongly disagree with this change.
Not only are you r
On 3/1/23 11:53, Stuart Henderson wrote:
> [from misc]
>>> I don't see that in the iked.conf manual. There is some reference to not
>>> using psk in /etc/examples/iked.conf but it's not clear whether that's
>>> because of the need to share a single psk with all endpoints connecting
>>> via the sa
On Wed, Mar 01, 2023 at 04:53:00PM +, Stuart Henderson wrote:
> [from misc]
> > > I don't see that in the iked.conf manual. There is some reference to not
> > > using psk in /etc/examples/iked.conf but it's not clear whether that's
> > > because of the need to share a single psk with all endpoi
[from misc]
> > I don't see that in the iked.conf manual. There is some reference to not
> > using psk in /etc/examples/iked.conf but it's not clear whether that's
> > because of the need to share a single psk with all endpoints connecting
> > via the same iked.conf configuration line (certainly a