From: <h.b...@te...> - 2005-07-19 14:01:15
Hello,

>>Hello,
>>
>>I've tried to configure a VPN-Gateway for several Road Warrior clients.
>>This was done by using one anonymous section for each client.
>>Furthermore I used certificates and "verify_identifier on".
>>It seems that racoon only handles one phase1 anonymous section.
>>Is there any workaround to solve this?
>
>
> Yes.
> - you can use wildcards in certificate descriptions;
> - you can have more than one peers_identifier statement to form a list of
>   acceptable IDs;
> - if you do have several IP addresses, you can run several instances
>   simultaneously (each listening on a separate IP, with its own config).

Thanks for your hints.

I intend to use the phase1_up script hook to set arbitrary secure policy entries in case of connection requests. If I use the construct you described above, there will be no possibility to differentiate between each client. All I have is the remote gateway IP. Is there perhaps more information available in this hook? I am thinking of peers_identifier or something else.

-Thanks in advance

Henry Bürger