We have been testing m0n0wall IPSEC VPNs on a Soekris net4801, with
quite pleasing results.
We used a fairly robust random number generator for generating a
pre-shared key for IPSEC
(http://www.irisa.fr/caps/projects/hipsor/HAVEGE.html). As this
generates binary, we were curious as to the character set allowed for
the psk. Our thought was that we would be using very little of the
available keyspace in normal characters if a full set were allowed.
We opened our random data in a hex editor, copied the equivalent
text (unprintable chars and all) into the psk field in m0n0wall, and
- Device displays "XML error: not well-formed (invalid token) at line
163" on all input.
- Rebooting the device, it takes no IP, and the console interface
returns the same error message on input.
A couple of things, then:
- I don't know if the limitation is on the underlying IPSEC backend,
or m0n0wall, but I would be appreciative of a legend in the GUI saying
something like "256 ASCII char max" or "1024 Unicode char max" or the
- While this is a stupid move on a user's part (what testing is for,
thank goods!), should m0n0wall try and prevent it?
many kind thanks,
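
An added example, not part of the original message and not m0n0wall code: it shows why raw key bytes cannot survive an XML-backed configuration file, and how hex-encoding the same bytes keeps every random bit while staying printable. The element name `pre-shared-key`, the sample bytes, and the printable-ASCII allow-list are assumptions made for illustration; the backend's actual length and character limits are not stated above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: 32 bytes standing in for random generator output.
RAW = bytes([0x01, 0x8F, 0x3C, 0x00, 0x26, 0x7F, 0xE2, 0x1B]) * 4


def is_safe_psk(psk: str) -> bool:
    """Conservative allow-list (assumption): non-empty, printable ASCII 0x21-0x7E."""
    return bool(psk) and all(0x21 <= ord(c) <= 0x7E for c in psk)


def encode_key(raw: bytes) -> str:
    """Hex-encode raw key material; reversible, so no entropy is lost."""
    return raw.hex()


def survives_xml(psk: str) -> bool:
    """Write psk into a config-like element, then parse the result back."""
    elem = ET.Element("pre-shared-key")  # hypothetical element name
    elem.text = psk
    try:
        # The serializer escapes &, < and > but passes control characters
        # through; XML 1.0 forbids most of them, so the parser rejects the file.
        return ET.fromstring(ET.tostring(elem)).text == psk
    except ET.ParseError:
        return False


def check(label: str, psk: str) -> None:
    print(f"{label}: allow-list={is_safe_psk(psk)} xml-round-trip={survives_xml(psk)}")


if __name__ == "__main__":
    pasted = RAW.decode("latin-1")  # what copying raw bytes as text amounts to
    check("raw bytes as text", pasted)
    check("hex-encoded key  ", encode_key(RAW))
```

Running the input check before the value is written to the configuration is what keeps one bad field from making the whole file unparseable at the next boot.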