[vpn-help] unable to verify remote peer certificate

sftf sftf-misc at mail.ru
Thu May 6 03:07:40 CDT 2010


SB> On 06.05.2010 09:43, sftf wrote:
>> SB> Yes, but racoon is a different IKE daemon.
>> First I tried racoon, but then realized that racoon does not allow
>> assigning a specific tunnel IP address to a particular client (identified by certificate, for example) -
>> only some address from the pool via the mode_cfg section. But it supports "split-tunneling".

SB> It would be nice if you would send mail to vpn-help at lists.shrew.net
SB> so everybody can follow our discussion.

SB> Racoon supports authentication through Xauth against ldap and radius.

SB> network4 address;
SB> netmask4 address;
SB> The local IP pool base address and network mask from which
SB> dynamically allocated IPv4 addresses should be taken.  This is
SB>  used if conf_source is set to local or if the RADIUS server
SB> returned 255.255.255.254.  Default is 0.0.0.0/0.0.0.0.

SB> So if authentication against radius works - it should be possible to
SB> assign a specific ip-address to the client. As this man-page entry
SB> states, if radius returns 255.255.255.254 the predefined ip-pool is
SB> used for assignment.
I agree, but on Debian, which I use, racoon is compiled without RADIUS support.
So there are problems here (racoon) and there (strongswan).
Waiting for split-tunneling in strongswan, and then waiting for it to appear in
Debian stable.




