On Jun 7, 2011, at 11:29 AM, Rodolfo Gouveia wrote:

> On 06/05/2011 02:37 AM, Paul Suh wrote:
>> Folks,
>>
>> I've been working with the flashrd system for booting from compact flash
>> media, and ran across a case where I'd like to make some changes to isakmpd,
>> but before I do so I'm not sure that it's a good idea.
>>
>> The location for certificates, CA's, private keys, etc. is hard-coded in
>> /usr/src/sbin/isakmpd/conf.h and conf.c to be /etc/isakmpd/. I'd like to be
>
> I thought you could change those in isakmpd.conf:
> # Certificates stored in PEM format
> [X509-certificates]
> CA-directory= /etc/isakmpd/ca/
> Cert-directory= /etc/isakmpd/certs/
> CRL-directory= /etc/isakmpd/crls/
> Private-key= /etc/isakmpd/private/local.key
> I took the above from the isakmpd.conf(5).

Rodolfo,

Thanks for the input, but the lockout to /etc/isakmpd actually happens in the code -- see my reply to Stuart Henderson's post. Changing the values in isakmpd.conf won't do anything.

Also, I'm not using isakmpd.conf -- I'm using ipsec.conf and running "isakmpd -K" so that I can use ipsecctl. This is a lot simpler than isakmpd.conf and is (I believe) the preferred way to do IPSec these days.

--Paul