~nupdate: never mind… replaced it with wireguard. \o/
is there any sane way to do ike+xauth with user/pass and psk on openbsd 7.8?
(iphone roadwarrior config, due to app constraints ikev2 is not an option, that would be easy…)
Hannes Deeken@nblr how did you do user/pass on top of wireguard? (assuming you did 😉)
@Glenlivet There’s no user/pass in wg.
But in did a “pass in quick” on pf.
So technically it counts as two factor 🤓
Imfosec is my passion.
But in did a “pass in quick” on pf.
So technically it counts as two factor 🤓
Imfosec is my passion.
@nblr I knew that there is nothing integral regarding user/pass to wg as opposed to e.g. openvpn, that's why I was asking 😉
How does 'pass in quick' provide a 2nd factor?
@Glenlivet I was trying to match your humor.
It was not a good match. 🙃
It was not a good match. 🙃
@nblr oh, ok then 😁
@Glenlivet On a more serious note… This was a point-to-point connection with one user. Else I wouldn't have used it. xauth is a very sorry bolted-on band-aid and relying on a single psk for all users is… uhm… "not good practice". I was not aware that the other end supported wg by now, so I happily could ditch that legacy junk.
@nblr I can totally relate.