VPN through BSD for Win2k, totally baffled
Michael Collette
metrol at metrol.net
Thu May 8 13:40:15 PDT 2003
On Thursday 08 May 2003 05:26 am, Jacques A. Vidrine wrote:
> It's hard to tell from your message where you are getting lost, but I'll
> give it a shot. Assuming you have all your certificates (let's call
> them client.crt/client.key, server.crt/server.key, and ca-local.crt):
Took me a while to figure out how to even ask the question! After heading
down a bunch of dead ends and all.
A couple of follow up questions to this. If I go the route of handing out
certificates to end users, is there a mechanism for revoking their rights to
enter? Employees do get other jobs, and almost all of them are using laptops
which they travel with. We've had folks get laptops stolen.
Is the cert an all or nothing kinda deal. For instance, I need a different
level of access than a salesperson. We have a programmer who needs access to
different resources than myself or sales. All of these outside folks are on
dynamic IPs.
With these additional needs in play am I still wise to head down the road of
IPSec certificates?
Later on,
--
"Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark
to read."
- Groucho Marx
More information about the freebsd-security
mailing list