Hi,
I'm trying to set up the following IPsec scenario.
1. Clients are either OS X or Windows connecting from arbitrary IPs
and hostnames and sometimes behind NAT connections.
2. OpenBSD 4.4 server.
I have certificates created and signed by our CA with the e-mail
address used as the UFQDN in the subjectAltName field. Similarly I
have a certificate for the firewall with its IP address in the
subjectAltName.
The internal network is the subnet 192.168.0/24 and I would like to
have addresses in the 192.168.1/24 range assigned to the VPN
connections. I was wondering how this would be done with ipsec.conf? I
have previously configured a similar setup using isakmpd.conf, but the
examples for ipsec.conf only seem to address cases where both ends
have hostnames or IP addresses that are known. In this case I don't
have any idea of the client (except the cert).
Anyone know how to do this? I was also wondering if it's somehow
possible to assign IP addresses dynamically in the 192.168.1/24 net
for the clients? Previously I had a hardcoded IP for each client.
Best regards,
Edvard Fagerholm
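The following ipsec.conf fragment is an added example, not part of the original message or any reply, showing the shape a road-warrior rule set takes when the clients' outer addresses are unknown and the only identity available is the certificate. Everything concrete in it is assumed: the firewall address 203.0.113.1 (standing in for the IP in the firewall's subjectAltName), the client UFQDNs, and the per-client inner addresses in 192.168.1/24, which follow the hardcoded-address approach the question already uses. The CA certificate is assumed to be installed under /etc/isakmpd/ca/ so that only certificates it signed are accepted; keywords used (`ike passive`, `peer any`, `srcid`, `dstid`) are the ones documented in ipsec.conf(5), but the exact behaviour on the 4.4 release should be checked against that system's own man page.

```ipsec.conf
# /etc/ipsec.conf -- added example, assumed values, not from the original post.
# Firewall's public address (also the ID in its certificate's subjectAltName).
fw_ip   = "203.0.113.1"
# Internal network the clients should reach through the tunnel.
lan     = "192.168.0.0/24"

# One rule per client, keyed on the client's certificate ID (the e-mail
# address / UFQDN in subjectAltName).  "passive" makes the firewall wait
# for the client to initiate, and "peer any" accepts an initiator from
# any outer address, which is what makes NATed and roaming clients work.
# The client's inner (tunnel) address is fixed here, as in the question's
# existing isakmpd.conf setup.  Authentication is by RSA signature, so a
# peer is only accepted if its certificate chains to a CA in /etc/isakmpd/ca/
# and its ID matches the dstid below.
ike passive esp tunnel from $lan to 192.168.1.10 \
    local $fw_ip peer any \
    srcid $fw_ip dstid alice@example.com

ike passive esp tunnel from $lan to 192.168.1.11 \
    local $fw_ip peer any \
    srcid $fw_ip dstid bob@example.com
```

Before loading the file, `ipsecctl -n -f /etc/ipsec.conf` parses it without applying anything, which catches keyword and macro mistakes early. The defensive point of keying each rule on `dstid` rather than only on "any peer with a valid certificate" is that a client certificate which is valid but not listed gets no flow at all, and the fixed `to` address per client means the firewall's packet filter can apply per-client rules on the inner 192.168.1/24 address.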