Bharj, Gagan wrote:
> Hello Folks,
> I have got my VPN working with automatic key exchange and a hard-coded
> password. I would like to implement the VPN using public/private keys. Do
> you guys know of any site that has a good tutorial on how to set up such a
> system? BTW, would such a setup require creating both server and client
> certificates, or just creating RSA keys on the client and server will suffice?
> My knowledge in PKI is limited, so any advice you guys could give would be
> greatly appreciated.
Certificates and keys are completely different methods. See isakmpd(8)
for examples. The man page has a good PKI implementation using X509
certificates. You just have to remember that there are, logically, three
computers when using X509. There is the Certificate Authority (CA),
which is known and trusted by "registered" or certified hosts. Then
there are the two unrelated hosts that want to communicate with each
other. These hosts query each other for their certificates and verify
the certs with the CA. If you have an extra box, it would be really cool
to set it up as your local CA.
Supported methods per isakmpd(8):
1. Passphrase
2. Host Keys
3. X509 Certificates
4. Keynote Certificates
I know nothing about Keynote so I'm not sure if it can be used in a VPN.
If anybody is using Keynote I would love to hear where it can be used
advantageously.
-pachl
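As an added illustration of the three-party X.509 layout described in the reply (a CA plus two unrelated gateways that verify each other's certificates against it), the script below builds such a setup with the openssl command-line tool. It is not from the thread or from isakmpd(8); the hostnames, the scratch directory and the key sizes are constructed for the demo, and the resulting PEM files are the kind of material a gateway would install under its isakmpd certificate directories (see the man page for the layout).

```shell
#!/bin/sh
# Added example (not from the thread): a minimal three-party X.509 PKI
# with openssl, mirroring the CA / gateway A / gateway B layout above.
# Hostnames, directory and key sizes are constructed for this demo.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory, assumed writable
cd "$WORK"

# 1. The CA: a self-signed certificate that both VPN endpoints will trust.
#    In a real deployment this lives on the separate "extra box".
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=demo-vpn-ca" \
    -keyout ca.key -out ca.crt 2>/dev/null
}

# 2. A gateway: generate its own key pair locally and a CSR. Only the CSR
#    (public key + name) travels to the CA; the private key never leaves.
make_host() {
  name="$1"
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=$name" \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null
  # The CA signs the CSR, producing the gateway's certificate.
  openssl x509 -req -in "$name.csr" -CA ca.crt -CAkey ca.key \
    -CAcreateserial -days 365 -out "$name.crt" 2>/dev/null
}

# 3. What each endpoint does with the peer's certificate: check that it
#    chains to the trusted CA. Returns 0 on success, non-zero otherwise.
verify_peer() {
  openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1
}

setup_demo() {
  make_ca
  make_host gwA.example   # hypothetical first gateway
  make_host gwB.example   # hypothetical second gateway
}

setup_demo
verify_peer gwA.example.crt && verify_peer gwB.example.crt \
  && echo "both gateway certs chain to the CA"

# A certificate not issued by our CA (here: self-signed) must be rejected,
# which is what protects the VPN from an unknown peer presenting a cert.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=rogue" \
  -keyout rogue.key -out rogue.crt 2>/dev/null
verify_peer rogue.crt && echo "BUG: rogue cert accepted" \
  || echo "rogue cert rejected (not signed by our CA)"
```

The point of the demo is the trust relationship, not the file names: neither gateway ever needs the other's private key, and each accepts the peer only because the CA's signature on the peer's certificate checks out. Adding a third gateway means one more CSR signed by the same CA, with no change on the existing gateways.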