Hello ports@,
I'm a happy user of sane OpenBSD IPsec. There is one thing that I haven't been
able to figure out yet though. I want to simultaneously connect to two IPsec
servers, both of which are OpenBSD boxes and both of them use X509
certificates. These two servers are managed by different administrators and
are absolutely unrelated. Hence, their X509 certs are created with different
CAs. In both cases, I haven't been given the opportunity to provide my own CSR for
them to generate my certificate. Hence, I'm given two pairs of keys/certs for
each server. Basically, the two CSRs are signed using two different private
keys. What this means to me is that I need to have two separate
/etc/isakmpd/private/local.key for each server. I believe that
/etc/isakmpd/private/local.key is glued in isakmpd and I have no way of
specifying a separate local.key for each server I'm connecting to. Am I
missing something? By the way, I obviously use ipsecctl(8) to configure
IPsec.
Thanks in advance.