Why "server" and "client" nomenclature?

  • As far as I can tell, we are allowed only one "client" per "server", unless using PKI.  It seems a misuse of the term "server" if I can have only one client talk to it in shared-key mode.  Or is it possible to have multiple clients even with shared keys?


  • Rebel Alliance Developer Netgate

    AFAIR, you can have multiple clients with shared key, it's just not recommended because you can't revoke one key without making everyone re-enter the keys, whereas with PKI you can revoke a single client's key and nobody else is impacted.

    Also, routing for multiple networks is more difficult with shared key, you can't push routes centrally from the server like you can with a PKI setup.

  • When I tried it, the "address pool" was messed up.  It chose the same range for two clients and could not distinguish them.  I couldn't figure out a way to force the pool to a specific range for the two clients as the server has only one place to enter the pool and it must be the entire range.

    Just more stuff to figure out.  If it were easy anybody could do it – and they wouldn't need an overpriced curmudgeon like me! :P

Log in to reply