[vpn-help] unable to verify remote peer certificate
Stefan Bauer
stefan.bauer at cubewerk.de
Thu May 6 02:53:40 CDT 2010
On 06.05.2010 09:43, sftf wrote:
> SB> Yes, but racoon is a different IKE daemon.
> First I tried racoon, but then realized that racoon does not allow
> assigning a specific tunnel IP address to a particular client (identified by certificate, for example) -
> only some address from the pool via the mode_cfg section. But it supports "split-tunneling".
It would be nice if you would send mail to vpn-help at lists.shrew.net
so everybody can follow our discussion.
Racoon supports authentication through Xauth against ldap and radius.

    network4 address;
    netmask4 address;
        The local IP pool base address and network mask from which
        dynamically allocated IPv4 addresses should be taken. This is
        used if conf_source is set to local or if the RADIUS server
        returned 255.255.255.254. Default is 0.0.0.0/0.0.0.0.

So if authentication against radius works - it should be possible to
assign a specific ip-address to the client. As this man-page entry
states, if radius returns 255.255.255.254 the predefined ip-pool is
used for assignment.
Honestly, I never played with radius in combination with racoon as
this is some pain in the ass right now. (some little tweaks need to be
made to get radius working)
Stefan
--
Stefan Bauer -----------------------------------------
PGP: E80A 50D5 2D46 341C A887 F05D 5C81 5858 DCEF 8C34
-------- plzk.de - Linux - because it works ----------
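
A configuration sketch of the setup described in the message above, added here as an illustration; it is not from the thread and was not tested by its participants. It shows racoon taking the client address from the RADIUS reply and falling back to the local pool. All addresses, user names and the password placeholder are constructed, and the second part assumes a FreeRADIUS-style users file.

```conf
# --- racoon.conf, server side (constructed example values) ---
# The matching "remote" section must enable mode_cfg and use an Xauth
# authentication method, so that every client logs in with a user name
# that RADIUS can map to an address.
mode_cfg {
    auth_source radius;      # Xauth login is verified against RADIUS
    conf_source radius;      # tunnel address is taken from the RADIUS reply

    # Local pool: used only when conf_source is local or when RADIUS
    # returns 255.255.255.254 for the user (see the man page excerpt).
    network4 10.99.0.100;    # pool base address
    netmask4 255.255.255.0;
    pool_size 50;            # pool covers 10.99.0.100 - 10.99.0.149

    split_network include 192.168.10.0/24;   # split tunneling still works
}

# --- RADIUS users file (assumed FreeRADIUS syntax, constructed users) ---
# alice always receives the same tunnel address. Keep fixed addresses
# outside the pool range above so they can never collide with a
# dynamically assigned one.
alice   Cleartext-Password := "CHANGE-ME"
        Framed-IP-Address = 10.99.0.10,
        Framed-IP-Netmask = 255.255.255.0

# bob gets 255.255.255.254, which tells racoon to pick an address
# from its own network4/netmask4 pool.
bob     Cleartext-Password := "CHANGE-ME"
        Framed-IP-Address = 255.255.255.254
```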