Subject: racoon, multiple anonymous certs
To: None <>
From: Jarkko Teppo <>
List: tech-net
Date: 01/28/2003 14:15:11

I've got racoon working with X.509 certs quite nicely but I'm having
some trouble and I can't think my way out of it.

Let's say I have an IPSec transport mode endpoint with a fixed
address, running current w/racoon. In addition to this, I have multiple
"client" machines with dynamic IP:s (w2k mostly). Is it possible to
either specify multiple certs via peers_certfile or using the
remote-directive with something else than fixed IP or anonymous ?

I'd like to avoid psk:s and I'd hate to share the same cert on the
client machines.

Any other ideas to handle distinct authentication (to racoon) for the
client machines appreciated..

Thanks, (if possible, keep me on the CC:)