Hello ports@,
I'm a happy user of sane OpenBSD IPsec. There is one thing that I haven't been 
able to figure out yet though. I want to simultaneously connect to two IPsec 
servers, both of which are OpenBSD boxes and both of them use X509 
certificates. These two servers are managed by different administrators and are 
absolutely unrelated. Hence, their X509 certs are created with different CAs. 
In both cases, I haven't been given the opportunity to provide my own CSR for them
to generate my certificate. Hence, I'm given two pairs of keys/certs for each
server. Basically, the two CSRs are signed using two different private keys. 
What this means to me is that I need to have two separate 
/etc/isakmpd/private/local.key for each server. I believe that
/etc/isakmpd/private/local.key is glued in isakmpd and I have no way of
specifying a separate local.key for each server I'm connecting to. Am I missing 
something? By the way, I obviously use ipsecctl(8) to configure IPsec.
Thanks in advance.
