isakmpd and multiple peers with unknown IPs
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: isakmpd and multiple peers with unknown IPs
- From: Dan Brosemer <odin_(_at_)_svartalfheim_(_dot_)_net>
- Date: Tue, 26 Nov 2002 12:04:41 -0500
- Battlestar-galactica-date: 43649 centons, 21 microns, 11.11 lutefisk
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

I'd like to create multiple IPsec tunnels to different OpenBSD hosts when I
don't know their IPs. Because they route to a network I want to tunnel
traffic to, I believe each of these hosts will need their own
[ISAKMP-peer-XXX] section, and I'd like to differentiate which of these is
used based on the Authentication (be it X.509 or shared-secret, or whatever
I'd have to do to make this work).

I see in isakmpd.conf(5) and the IPsec FAQ that there is a 'Default=' in
[Phase 1], but what I really need is multiple 'Default=' lines each
requiring a specific shared-secret or X.509 cert. Is this possible with
isakmpd? Is this even possible with anything else?

Any pointers would be greatly appreciated.

"Burnished gallows set with red
Caress the fevered, empty mind
Of man who hangs bloodied and blind
To reach for wisdom, not for bread." -- Deoridhe Grimsdaughter