Hi, I am trying to figure out how to use certificates to validate users and set up specific security associations and policies using IPsec and ISAKMP under OpenBSD. Specifically, I am trying to figure out what options need to be set in the certificates that I issue to the users and how I set up the isakmpd policy and config files to properly authenticate each user with a certificate and then grant them the appropriate access to my network. We currently have the VPN up and running using a passphrase between two static IPs as well as one laptop with no fixed IP. Currently the network looks like this:
rw <-> net <-> secure gateway <-> insecure subnet

and

insecure subnet <-> secure gateway <-> net <-> secure gateway <-> insecure subnet

This is a copy of our current isakmpd.conf file with the IPs changed to protect the innocent:

http://www.thinkstream.com/~pieter/isakmpd.conf-example.txt

Thanks,

Pieter Paulson
Systems Administrator
Thinkstream, Inc.
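As an added example, not part of the original post and not the poster's configuration, the script below writes a skeleton isakmpd.conf and isakmpd.policy for the setup described above (one gateway-to-gateway tunnel plus a road warrior with no fixed IP), switched from passphrase to RSA_SIG certificate authentication. The gateway addresses, hostnames, the user name and the CA distinguished name are all made up, and every key name should be checked against isakmpd.conf(5) and isakmpd.policy(5) for the OpenBSD release in use. The two points that matter for the certificates are that isakmpd matches each peer's Phase 1 ID (FQDN, USER_FQDN or IPV4_ADDR) against the subjectAltName extension of the certificate the peer presents (DNS:, email: or IP:), so each user certificate must carry a subjectAltName equal to its ID, and that isakmpd.policy, not isakmpd.conf, decides whose certificate is accepted and which SAs it may set up. The DN: Licensee form naming the issuing CA is an assumption from isakmpd.policy(5) and should be verified there.

```shell
#!/bin/sh
# Added example, not from the original post: writes a skeleton isakmpd.conf
# and isakmpd.policy for certificate (RSA_SIG) authentication on one gateway.
# Addresses, hostnames, user name and CA DN are made up; verify every key
# against isakmpd.conf(5) and isakmpd.policy(5) before deploying.

write_isakmpd_cert_config() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/isakmpd.conf" <<'EOF'
[Phase 1]
198.51.100.1=           ISAKMP-peer-west
Default=                ISAKMP-peer-roadwarrior

[Phase 2]
Connections=            IPsec-east-west
Passive-Connections=    IPsec-roadwarrior

# No Authentication= line: RSA_SIG authenticates with the certificates below.
[ISAKMP-peer-west]
Phase=                  1
Address=                198.51.100.1
Configuration=          Default-main-mode
ID=                     East-gw-ID

[ISAKMP-peer-roadwarrior]
Phase=                  1
Configuration=          Default-main-mode
ID=                     East-gw-ID
Remote-ID=              Roadwarrior-ID

# Each ID must appear as subjectAltName (DNS:/email:/IP:) in that peer's cert.
[East-gw-ID]
ID-type=                FQDN
Name=                   east-gw.example.com

[Roadwarrior-ID]
ID-type=                USER_FQDN
Name=                   pieter@example.com

[IPsec-east-west]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-west
Configuration=          Default-quick-mode
Local-ID=               Net-east
Remote-ID=              Net-west

[IPsec-roadwarrior]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-roadwarrior
Configuration=          Default-quick-mode
Local-ID=               Net-east

[Net-east]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.1.0
Netmask=                255.255.255.0

[Net-west]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.2.0
Netmask=                255.255.255.0

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA-RSA_SIG

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE

[X509-certificates]
CA-directory=           /etc/isakmpd/ca/
Cert-directory=         /etc/isakmpd/certs/
Private-key=            /etc/isakmpd/private/local.key
EOF
    cat > "$dir/isakmpd.policy" <<'EOF'
KeyNote-Version: 2
Comment: ESP only, from certificates issued by the VPN CA (assumed DN).
Authorizer: "POLICY"
Licensees: "DN:/C=US/O=Example Inc/CN=Example VPN CA"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg == "3des" &&
            esp_auth_alg == "hmac-sha" -> "true";
EOF
    chmod 600 "$dir/isakmpd.conf" "$dir/isakmpd.policy"
}

# Sanity check before deploying: signature transform present, no passphrase
# left in either file. Returns 0 when all checks pass, 1 otherwise.
check_isakmpd_cert_config() {
    dir="$1"
    grep -q '^Transforms=.*RSA_SIG' "$dir/isakmpd.conf" || return 1
    grep -q '^Authentication=' "$dir/isakmpd.conf" && return 1
    grep -q 'passphrase:' "$dir/isakmpd.policy" && return 1
    return 0
}
```

Run it as `sh gen-isakmpd-cert-config.sh /tmp/isakmpd-test` and compare the result with the existing isakmpd.conf before copying anything into /etc/isakmpd. Per-user access control belongs in isakmpd.policy: a further assertion whose Licensee is one user's certificate DN can narrow the allowed local filter addresses for that user, while the CA-wide assertion above only says which issuer is trusted and which ESP algorithms are acceptable.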