OK. I've looked again at your original post. I use neither Greenbow nor Shrewsoft, though I have tested with the latter, a long time ago, and used only shared passphrases.
OpenBSD's ISAKMPD implementation allows four different types of key authentication: shared passphrase, host keys, x509 certificates, and keynote certificates. Host keys (without certificates) are shared key pairs, which are most easily used between OpenBSD instances, and that is all I use in production.
See what your software vendors Greenbow and Shrewsoft can provide, and use that.
|