From: VANHULLEBUS Y. <va...@fr...> - 2005-07-20 11:45:07
On Wed, Jul 20, 2005 at 12:37:01PM +0200, Henry Bürger wrote:
> Hello,
[...]
> I have tested a little bit more. struct remoteconf has only one
> peerscertfile pointer. But ipsec_doi.c supports wildcard in
> peers_identifier. How does match this ?
> The problem I still have is, that racoon only use the last certfile in
> "remote anonymous" section.
> If another client try on start a new phase1 negotiation, racoon
> complains about the ID mismatch.

Hi.

peers_certfile should only be used in some very specific conditions,
when you know that your peer will always use THIS certificate.

For most situations, including roadwarriors and one remote anonymous
section, you should have one (or many ?) CA certificates and hashes in
the certificates directory, and optionally some configuration about
allowed peers identifiers.

Yvan.
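
A racoon.conf fragment for the setup the reply describes, added here as an illustration and not taken from the thread or from the ipsec-tools sources. The directory, file names and DN are constructed, and the wildcard in peers_identifier assumes a racoon build with the wildcard matching mentioned in the quoted question.

```conf
# Added example. Paths, file names and the DN below are constructed placeholders.

# Directory holding the CA certificate(s) that signed the peers' certificates.
# Each CA file needs an OpenSSL subject-hash link next to it, named
# <subject-hash>.0, so the certificate chain lookup can find it.
path certificate "/etc/racoon/certs";

remote anonymous {
	exchange_mode main;
	passive on;
	generate_policy on;

	# The gateway's own certificate and private key.
	certificate_type x509 "gateway.crt" "gateway.key";
	my_identifier asn1dn;

	# No peers_certfile here. That directive pins ONE peer certificate for
	# the whole section, so with several clients only one of them can match
	# and the others fail with an ID mismatch. Instead, accept any
	# certificate that chains to a CA in "path certificate".
	verify_cert on;

	# Optional restriction on which peer identities are allowed, checked
	# against the subject of the certificate the peer presents.
	peers_identifier asn1dn "C=XX, O=Example Org, CN=*";
	verify_identifier on;

	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method rsasig;
		dh_group 2;
	}
}
```

With verify_identifier on, a certificate that is valid under the CA but whose subject does not match peers_identifier is still rejected, which keeps an anonymous section from accepting every certificate the CA has ever issued.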