On 2008/04/27 14:18, Marten Rizwan wrote:
quoted text
> Hello ports@,

this isn't exactly ports@ material...CC'd/reply-to set to misc.

quoted text
> I'm a happy user of sane OpenBSD IPsec. There is one thing that
I haven't been able to figure out yet though. I want to simultaneously
connect to two IPsec servers, both of which are OpenBSD boxes and
both of them use X509 certificates. These two servers are managed
by different administrators and are absolutely unrelated. Hence,
their X509 certs are created with different CAs. In both cases, I
haven't been given opportunity to provide my own CSR for them to
generate my certificate. Hence, I'm given two pair of keys/certs
for each server. Basically, the two CSRs are signed using two
different private keys. What this means to me is that I need to
have two separate /etc/isakmpd/priavte/local.key for each server.
I believe that /etc/isakmpd/priavte/local.key is glued in isakmpd
and I have no way of specifying a separate local.key for each server
I'm connecting to. Am I missing something? By the way, I obviously
use ipsecctl(8) to configure IPsec.
quoted text
> Thanks in advance.
> 

I haven't tried this, and it's not in the manual as far as I can
see, but it looks like isakmpd looks in files named after the
identity of the local peer (i.e. srcid) before it tries local.key.
If you get it working, let me know the details and I'll try and
come up with something for the manual...