搜索

此内容没有您所选择的语言版本。

2.7.2. VPN Configurations Using Libreswan

download PDF
Libreswan does not use the terms source or destination. Instead, it uses the terms left and right to refer to end points (the hosts). This allows the same configuration to be used on both end points in most cases, although most administrators use left for the local host and right for the remote host.
There are three commonly used methods for authentication of endpoints:
  • Raw RSA keys are commonly used for static host-to-host or subnet-to-subnet IPsec configurations. The hosts are manually configured with each other's public RSA key. This method does not scale well when dozens or more hosts all need to setup IPsec tunnels to each other.
  • X.509 certificates are commonly used for large scale deployments where there are many hosts that need to connect to a common IPsec gateway. A central certificate authority (CA) is used to sign RSA certificates for hosts or users. This central CA is responsible for relaying trust, including the revocations of individual hosts or users.
  • Pre-Shared Keys (PSK) is the simplest authentication method. PSK's should consist of random characters and have a length of at least 20 characters. Due to the dangers of non-random and short PSKs, this is the least secure form of authentication and it is recommended to use either raw RSA keys or certificate based authentication instead.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.