
isakmpd and multiple peers with unknown IPs



I'd like to create multiple IPsec tunnels to different OpenBSD hosts when I
don't know their IPs.  Because they route to a network I want to tunnel
traffic to, I believe each of these hosts will need their own
[ISAKMP-peer-XXX] section, and I'd like to differentiate which of these is
used based on the Authentication (be it X.509 or shared-secret, or whatever
I'd have to do to make this work).

I see in isakmpd.conf(5) and the IPsec FAQ that there is a 'Default=' in
[Phase 1], but what I really need is multiple 'Default=' lines each
requiring a specific shared-secret or X.509 cert.  Is this possible with
isakmpd?  Is this even possible with anything else?

Any pointers would be greatly appreciated.

-Dan

-- 
"Burnished gallows set with red
 Caress the fevered, empty mind
 Of man who hangs bloodied and blind
 To reach for wisdom, not for bread."  -- Deoridhe Grimsdaughter


