On Mon, Aug 10, 2009 at 06:37:41PM -0400, Christopher Sean Hilton wrote:
> I have a couple of questions regarding setting up ipsec.
>
> I've read the "4 minutes" page and modified the older setup to work with 
> 2 OpenBSD 4.5 boxes. That's enough to get me going with an IPsec tunnel 
> by IP addresses but one side of my connection is a consumer grade DSL 
> line which wants to have its address changed every 5 minutes (sigh). I 
> obviously need to set up ipsec with FQDN. I initially tried to do this 
> with certificates but I couldn't get things to work so I've rolled back 
> to using public keys and everything appears to be okay.
>
> My question is this: When you use certificates does isakmpd still use
>
>      /etc/isakmpd/private/local.key
>
> as the private key for the crypto negotiation or can that be changed?

By default isakmpd will use local.key. If you wish to use more than one
private key, you can rename the key to match the value of your ISAKMP Phase1-ID.

For example, if your Phase1-ID is ID-type=IPV4_ADDR and Address=10.10.10.10
the corresponding key file would be /etc/isakmpd/private/10.10.10.10 

Hope this helps

-- 
Mathieu Sauve-Frankel
