Hi Stuart.
Stuart Henderson <stu () spacehopper ! org>
> iked doesn't handle retransmitting dropped ike packets yet, so it's not a
> great choice for wireless. isakmpd should be fine though.
I read through ISAKMPD and IKED and noticed this:
iked is not yet finished and is missing some important security features.
It should not yet be used in production networks.
I might try and get IPsec up first anyway and stop being so ambitious.
> - if you will be communicating with other machines in the same subnet,
> they will send return traffic directly rather than via the router,
> i.e. unencrypted and will not update PF state (so tcp sessions
> will break after a short time). you can either set up bypass flows
> in ipsec.conf, use different subnets, maybe other options.
It will be gateway to gateway so I'll avoid that.
Fortunately I'm the only wireless client.
Thanks for the examples.
When I get stuck later on I'll re-read your mail. :]
Best wishes.