On Fri, Nov 24, 2006 at 07:35:10PM +0900, Mathieu Sauve-Frankel wrote:
> > > Now VPN-A has this in ipsec.conf:
> > > ike passive esp from any to any srcid [EMAIL PROTECTED] dstid
> > > [EMAIL PROTECTED]
>
> If you need to support more than one user in your roadwarrior setup.
> Then don't set dstid.

But, according to ipsec.conf:
  dstid is similar to srcid, but instead specifies the ID to be used by
  the remote peer.

So, if I want multiple roadwarriors to connect, with X.509 certificates, and I leave srcid blank, won't the authentication occur with the client IP, for which I certainly won't have a CERTIP certificate because the IP is undetermined?

--
albert chin ([EMAIL PROTECTED])