[vpn-help] unable to verify remote peer certificate

Stefan Bauer stefan.bauer at cubewerk.de
Thu May 6 02:53:40 CDT 2010


On 06.05.2010 09:43, sftf wrote:
> SB> Yes, but racoon is a different IKE daemon.
> First I tried racoon, but then realized that racoon does not allow
> assigning a specific tunnel IP address to a particular client (identified by certificate, for example) -
> only some address from a pool via the mode_cfg section. But it supports "split-tunneling".

It would be nice if you would send mail to vpn-help at lists.shrew.net
so everybody can follow our discussion.

Racoon supports authentication through Xauth against ldap and radius.

    network4 address;
    netmask4 address;
            The local IP pool base address and network mask from which
            dynamically allocated IPv4 addresses should be taken.  This is
            used if conf_source is set to local or if the RADIUS server
            returned 255.255.255.254.  Default is 0.0.0.0/0.0.0.0.

So if authentication against radius works - it should be possible to
assign a specific ip-address to the client. As this man-page entry
states, if radius returns 255.255.255.254 the predefined ip-pool is
used for assignment.

Honestly, I never played with radius in combination with racoon as
this is some pain in the ass right now. (Some little tweaks need to be
made to get radius working.)

Stefan
-- 
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
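
Added example, not part of the original message and not tested by its author: a racoon.conf mode_cfg fragment and a matching FreeRADIUS users entry for the setup described above, where one Xauth user gets a fixed tunnel address and another falls back to the local pool. The user names, passwords and 10.99.0.0/24 addresses are constructed, and it is assumed that the address is delivered in the RADIUS Framed-IP-Address reply attribute (RFC 2865), which is where the special value 255.255.255.254 is defined.

```conf
# ---- racoon.conf (fragment) ------------------------------------------
# Connection details for the RADIUS server (host, shared secret) are
# configured separately and are not shown here.
mode_cfg {
    auth_source radius;      # Xauth user/password checked against RADIUS
    conf_source radius;      # tunnel address comes from the RADIUS reply

    # Local pool: used only when conf_source is local or when RADIUS
    # returns 255.255.255.254 for the user (see the man page excerpt).
    network4 10.99.0.100;    # pool base address (constructed value)
    netmask4 255.255.255.0;
    pool_size 50;            # pool covers 10.99.0.100 - 10.99.0.149
}

# ---- FreeRADIUS "users" file (fragment) ------------------------------
# alice: fixed tunnel address. It is deliberately kept outside the
# pool range above so that a pooled client can never be handed the
# same address (assumption: the pool does not check for this itself).
alice   Cleartext-Password := "CHANGE-ME"
        Framed-IP-Address = 10.99.0.10,
        Framed-IP-Netmask = 255.255.255.0

# bob: 255.255.255.254 tells the NAS (racoon here) to pick the address
# itself, so bob is served from the network4/netmask4 pool.
bob     Cleartext-Password := "CHANGE-ME"
        Framed-IP-Address = 255.255.255.254
```

Because firewall rules and audit logs can then key on a per-user tunnel address, the fixed addresses are only as trustworthy as the Xauth login that selects them.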


