isakmpd and multiple peers with unknown IPs
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: isakmpd and multiple peers with unknown IPs
- From: Dan Brosemer <odin_(_at_)_svartalfheim_(_dot_)_net>
- Date: Tue, 26 Nov 2002 12:04:41 -0500
- Battlestar-galactica-date: 43649 centons, 21 microns, 11.11 lutefisk
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
I'd like to create multiple IPsec tunnels to different OpenBSD hosts when I
don't know their IPs. Because they route to a network I want to tunnel
traffic to, I believe each of these hosts will need their own
[ISAKMP-peer-XXX] section, and I'd like to differentiate which of these is
used based on the Authentication (be it X.509 or shared-secret, or whatever
I'd have to do to make this work).

I see in isakmpd.conf(5) and the IPsec FAQ that there is a 'Default=' in
[Phase 1], but what I really need is multiple 'Default=' lines each
requiring a specific shared-secret or X.509 cert. Is this possible with
isakmpd? Is this even possible with anything else?

Any pointers would be greatly appreciated.

-Dan
--
"Burnished gallows set with red
Caress the fevered, empty mind
Of man who hangs bloodied and blind
To reach for wisdom, not for bread." -- Deoridhe Grimsdaughter