OpenBSD Security Functionally paranoid!
29th August 2012
igy01
ipsec, x509 and more than one interface

I have one OpenBSD box and two network cards; the cards are connected to different networks:
xl0 IP=
rl0 IP=

Now I want to configure multiple isakmpd/IPsec connections. Some IPsec connections are to hosts in the first network, and some of them are in the second network, i.e. I need protected traffic between: <==> <==> <==> <==>

Everything is clear and simple, except how to configure x509 certificates? For me, there are two scenarios:

first scenario:
1. create only one local.key
2. create two crt: and in /etc/isakmpd/certs/
3. in /etc/ipsec.conf configure two different kinds of lines:
ike esp from ... to ... local peer main auth ....
ike esp from ... to ... local peer main auth ....

second scenario:
1. create one local.key
2. create only one crt: (or only
3. in /etc/ipsec.conf configure:
ike esp from ... to ... local peer main auth ....
ike esp from ... to ... local peer main auth ....

So, in the second scenario, IPsec is "finished" on the OpenBSD box,
but not on the interface connected to network

Which scenario is appropriate and why? Any other ideas?