transport mode IPSec with Windows 7, static keys
Victor Sudakov
vas at mpeks.tomsk.su
Wed Sep 23 03:03:46 UTC 2015
Larry Baird wrote:
>
> > I use IKE when I have to, but would like to use static keys with
> > Windows specifically, or at least would like to definitely know if it
> > is at all possible or not.
> Static keys are too weak from a security stand point.
I can imagine situations where static keys are sufficient, or may
present a lesser risk than installing third party VPN solutions on
Windows.
> I have never tried
> to configure them on Windows. Sorry I can't help.
I configured them between FreeBSD and Cisco, as well as two FreeBSD
hosts. The main problem with Windows is that it can have only one key
both for encryption and authentication, while setkey requires two
different keys to be of different lengths, which is kinda difficult to
set up with setkey.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru
More information about the freebsd-net
mailing list