tensai at zmonkey.org
Wed Nov 9 09:16:39 MST 2005
On Wed, 2005-11-09 at 08:35 -0700, Andrew McNabb wrote:
> On Wed, Nov 09, 2005 at 08:23:36AM -0700, Hans Fugal wrote:
> > Provided you're using the server mode (which implies TLS). If you are
> > using e.g. preshared keys then you'd have to run a second daemon on the
> > "server" peer (with its own tun).
> Could you explain that a little more? I'm not familiar with this second
> way. Thanks.
TLS is the way to go. First, a few references.
The gist of it is to create a CA certificate, then create a server cert
(signed by the CA), and finally client certs (also signed) for each
client. Doing so you can support any number of clients with just the one
Once you go to TLS you can also use per-client settings using the
client-config-dir setting. I use that to push extra IP addresses to
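
The CA / server cert / client cert sequence described in the message above, as an added example using the openssl command line (not part of the original post). The names demo-ca, vpn-server, alice and bob, the key size, the lifetimes and the extendedKeyUsage values are assumptions; each client's CN is the name OpenVPN matches a client-config-dir file against.

```shell
#!/bin/sh
# Added example: one CA, one server cert, one cert per client, all signed by the CA.
# All names (demo-ca, vpn-server, alice, bob) and lifetimes are constructed.

# issue_cert DIR NAME USAGE: create key + CSR for NAME, sign it with the CA in DIR.
issue_cert() {
    dir=$1; name=$2; usage=$3
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null || return 1
    # Leaf certs must not act as CAs; the EKU pins each cert to one role.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$usage" \
        > "$dir/$name.ext"
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/$name.ext" \
        -out "$dir/$name.crt" 2>/dev/null
}

# build_pki DIR CLIENT...: self-signed CA, then the server cert, then the client certs.
build_pki() {
    dir=$1; shift
    mkdir -p "$dir" || return 1
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -sha256 \
        -subj "/CN=demo-ca" -keyout "$dir/ca.key" -out "$dir/ca.crt" \
        2>/dev/null || return 1
    issue_cert "$dir" vpn-server serverAuth || return 1
    for client in "$@"; do
        issue_cert "$dir" "$client" clientAuth || return 1
    done
}

# signed_by CA_CERT CERT [PURPOSE]: succeeds only if CERT chains to CA_CERT
# and is acceptable for PURPOSE (sslclient, sslserver, or any).
signed_by() {
    openssl verify -purpose "${3:-any}" -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo in a throwaway directory: two clients, one CA.
demo=$(mktemp -d) && build_pki "$demo" alice bob &&
    signed_by "$demo/ca.crt" "$demo/bob.crt" sslclient &&
    echo "bob: valid client cert under demo-ca"
rm -rf "$demo"
```

Only ca.crt has to be distributed to every peer; ca.key is needed solely when signing and is best kept off the VPN server.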