On 2008/04/27 14:18, Marten Rizwan wrote:
> Hello ports@,

this isn't exactly ports@ material...CC'd/reply-to set to misc.

> I'm a happy user of sane OpenBSD IPsec. There is one thing that
> I haven't been able to figure out yet though. I want to simultaneously
> connect to two IPsec servers, both of which are OpenBSD boxes and
> both of them use X509 certificates. These two servers are managed
> by different administrators and are absolutely unrelated. Hence,
> their X509 certs are created with different CAs. In both cases, I
> haven't been given the opportunity to provide my own CSR for them to
> generate my certificate. Hence, I'm given two pairs of keys/certs
> for each server. Basically, the two CSRs are signed using two
> different private keys. What this means to me is that I need to
> have two separate /etc/isakmpd/private/local.key for each server.
> I believe that /etc/isakmpd/private/local.key is glued in isakmpd
> and I have no way of specifying a separate local.key for each server
> I'm connecting to. Am I missing something? By the way, I obviously
> use ipsecctl(8) to configure IPsec.
> Thanks in advance.
> 

I haven't tried this, and it's not in the manual as far as I can
see, but it looks like isakmpd looks in files named after the
identity of the local peer (i.e. srcid) before it tries local.key.
If you get it working, let me know the details and I'll try and
come up with something for the manual...
