
isakmpd and multiple peers with unknown IPs

I'd like to create multiple IPsec tunnels to different OpenBSD hosts when I
don't know their IPs.  Because they route to a network I want to tunnel
traffic to, I believe each of these hosts will need their own
[ISAKMP-peer-XXX] section, and I'd like to differentiate which of these is
used based on the Authentication (be it X.509 or shared-secret, or whatever
I'd have to do to make this work).

I see in isakmpd.conf(5) and the IPsec FAQ that there is a 'Default=' in
[Phase 1], but what I really need is multiple 'Default=' lines each
requiring a specific shared-secret or X.509 cert.  Is this possible with
isakmpd?  Is this even possible with anything else?

Any pointers would be greatly appreciated.


"Burnished gallows set with red
 Caress the fevered, empty mind
 Of man who hangs bloodied and blind
 To reach for wisdom, not for bread."  -- Deoridhe Grimsdaughter
