
Re: problem with isakmpd with certs



* Angelos D. Keromytis (angelos@cis.upenn.edu) [010105 23:04]:
> I think we may have a terminology mixup here. Your configuration for
> each of the machines should be as follows:
> 
> For machine with IP address X:
>    /etc/isakmpd/ca should contain the CA certificate (there's only one of
> 		  those)

done

>   /etc/isakmpd/certs should contain a file with a certificate whose
> 		  SubjAltName is set to X; the file name does not
> 		  matter

done

>   /etc/isakmpd/private should contain the corresponding private key

done

>   /etc/isakmpd/isakmpd.conf: the local Phase 1 ID should be X

I do not fully understand that. In my setup I have

[my-ID]
ID-type=                IPV4_ADDR
Address=                195.84.105.112

[Phase 1]
195.84.181.91=  utilator

[utilator]
Phase=                  1
Transport=              udp
Address=                195.84.181.91
Configuration=          Default-main-mode
ID=                     my-ID

So obviously I do not have ID set directly to 195.84.105.112, but to my-ID.
Is this enough?
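
Added example, not part of the original message and not isakmpd code: a check that follows each [Phase 1] peer's ID= tag to the section it names and compares the resulting local ID with the IP address in the certificate's SubjAltName. It assumes ID= names a section, as isakmpd.conf(5) describes; the function names are hypothetical, and san_ip is a value the operator reads from the certificate.

```python
import configparser
import ipaddress

# Constructed sample: the configuration quoted in the message above.
SAMPLE_CONF = """\
[my-ID]
ID-type=                IPV4_ADDR
Address=                195.84.105.112

[Phase 1]
195.84.181.91=  utilator

[utilator]
Phase=                  1
Transport=              udp
Address=                195.84.181.91
Configuration=          Default-main-mode
ID=                     my-ID
"""

def load_conf(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep tag case as written (ID-type, Address)
    cp.read_string(text)
    return cp

def local_id(cp, peer_section):
    """Follow ID= from a peer section to the section it names."""
    ref = cp.get(peer_section, "ID", fallback=None)
    if ref is None:
        return None  # no ID= tag found for this peer
    if not cp.has_section(ref):
        raise ValueError(f"[{peer_section}] ID={ref} names a missing section")
    return (cp.get(ref, "ID-type", fallback=None),
            cp.get(ref, "Address", fallback=None))

def check_against_cert(cp, san_ip):
    """Return {peer: problem} for peers whose local ID differs from san_ip."""
    want = ipaddress.ip_address(san_ip)
    problems = {}
    for peer_addr, peer_section in cp["Phase 1"].items():
        ident = local_id(cp, peer_section)
        if ident is None:
            problems[peer_addr] = "no ID= tag"
        elif ident[0] != "IPV4_ADDR" or ident[1] is None:
            problems[peer_addr] = "ID is not an IPV4_ADDR with an Address"
        elif ipaddress.ip_address(ident[1]) != want:
            problems[peer_addr] = f"ID {ident[1]} != certificate {san_ip}"
    return problems
```

An empty result from check_against_cert means every configured peer is presented the same address that the certificate carries.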