On Aug 10, 2009, at 6:37 PM, Christopher Sean Hilton wrote:
> I have a couple of questions regarding setting up ipsec.
>
> I've read the "4 minutes" page and modified the older setup to work
> with 2 OpenBSD 4.5 boxes. That's enough to get me going with an
> IPsec tunnel by IP addresses but one side of my connection is a
> consumer grade DSL line which wants to have its address changed
> every 5 minutes (sigh). I obviously need to set up ipsec with FQDN. I
> initially tried to do this with certificates but I couldn't get
> things to work so I've rolled back to using public keys and
> everything appears to be okay.
>
> My question is this: When you use certificates does isakmpd still use
>
>     /etc/isakmpd/private/local.key
>
> as the private key for the crypto negotiation or can that be changed?

Thanks for the followups. It looks like local.key is the key if you
don't use the local tag in your configuration as in:

    ike passive esp from hisname.hisnet.histld to myname.mynet.mytld \
        local my_identifier

Thanks again.
-- Chris
Chris Hilton tildeChris -- http://myblog.vindaloo.com
email -- chris/at/vindaloo/dot/com
~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.--.~~.
"I'm on the outside looking inside, What do I see?
Much confusion, disillusion, all around me."
  -- Ian McDonald / Peter Sinfield