From: Aidas K. <a.k...@gm...> - 2005-05-25 18:32:32
Carl Youngblood wrote:
> I have a couple of questions:
>
> 1) In racoon.conf, is it possible to use a different "remote
> anonymous" setting on a per port basis? What we are trying to do is
> this: We have many different incoming requests that we want to have
> authenticated. We want requests for certain daemons (running on
> specific ports) to use different keypairs for authentication but have
> all other requests use a default keypair for authentication. We were
> hoping it would be possible to have something like this:

No. This is not possible in principle with any IPSec software, because hosts authenticate each other *before* even starting to negotiate SAs, from which one could infer which port the other end will try to contact.

>
> etc. etc. Is this possible? I know that this is a racoon-centric
> project, but does anyone know if ISAKMPd is more flexible in this regard?

Please elaborate on why you need this, and we may come up with another solution.

>
> 2) Is there any support for hardware tokens in racoon? If so, what
> card types/applets are supported? (opensc, muscle, etc.)
>

At the moment I have not heard of anybody working on that. Racoon uses openssl as a crypto engine, therefore cards supported by openssl have chances to get supported by racoon too. BTW, you're the first to raise this question, AFAIK.

--
Aidas Kasparas
IT administrator
GM Consult Group, UAB