|
|
James, I see that you have put a lot of thought into this issue already. You addressed all the important issues for a client-oriented VPN. You ideas sound interesting to me. Looks like this would work. I am thinking that for this (client-oriented) scenario one could optionally leave out the certificate-based authentication and only use pre-shared secrets. This, combined with a one-time password system, should give sufficient security while reducing the complexity of such a solution. Stephan The fork project is definitely high on the wish list right now, and I was contemplating jumping into it after 1.5 is released. > ... -- Stephan Scholz <sscholz@xxxxxxxxxx> | Development Astaro AG | www.astaro.com | Phone +49-721-490069-0 | Fax -55 Visit Astaro at: - CeBIT asia, German Pavilion, Pudong, Shanghai, Sep. 18-23, 2003 - Infosecurity Scandinavia, booth C02:38, Stockholm, Sep. 23-25, 2003 - GITEX, German Pavilion, Dubai, Oct. 19-23, 2003 - Systems 2003, hall B2, booth 326, Munich, Oct. 20-24, 2003 |