[ previous ] [ next ] [ threads ]
 
 From:  "Jeroen Visser" <monowall at forty dash two dot nl>
 To:  Dave Warren <maillist at devilsplayground dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.2b7
 Date:  Sat, 26 Mar 2005 10:59:46 +0100
On Fri, 25 Mar 2005 23:22:45 -0700, Dave Warren wrote

> However, I'd also like our wireless laptops to be able to use IPSec 
> rather then WEP for security in-house.  This could mean a potential 
> 2x54Mb of IPSec traffic (although in the real world it will be 
> significantly less most of the time) -- I have no idea if m0n0wall can 
> do this or not, but it sounds like a fun experiment.

Please bare in mind when letting the laptops communicate with your monowall, only
agressive mode is accepted due to the fact that M0n0wall does not support
Certificate Authetication yet. Only PSK. With PSK you can only use Main mode when
issueing the same IP to the same laptop with the same PSK. Otherwise use agressive
mode. 
Agressive mode is not really secure !

Main modes uses more cpu...
Please beware. ;-)

I personally REFUSE anything else except Main mode.


--
Kind regards,
Jeroen Visser.