Hi,
On Tue, 03.10.2006 at 13:25:50 +0200, Joachim Schipper <[EMAIL PROTECTED]>
wrote:
> If those are just standard OpenSSL-style x509 certificates, you can
> generate them whereever you want, and they will work just fine.
I routinely generate such certificates on Linux with OpenSSL and deploy
on OpenBSD for use with isakmpd. Last I looked, the "SubjectAltName"
part was mandatory for this kind of usage.
> 4.0 has a lot of improvements, and ISTR that some of those are
> necessary to use ipsec.conf with clients that change IP adresses.
Do you mind going into details? I'm so far using the classical
isakmpd.{conf,policy} thingy to authenticate eg. roaming users with
their certificates.
Best,
--Toni++
