[Openswan Users] Multiple left

Paul Wouters paul at xelerance.com
Fri Jun 11 02:22:48 CEST 2004


On Thu, 10 Jun 2004, Trevor Benson wrote:

> Can left= have more than one address? That way a single tunnel, with a
> cert could have let's say 2 IP addresses allowed for a roadwarrior
> tunnel? Instead of just making it dynamic and allowing all? And/or a
> firewall with 2 interfaces, 1 for internet and 1 for wireless clients
> could allow either local interface to be used for that tunnel?

If you want to "authenticate" (and I use the word loosely here) based on
IP address, then you need to have one. If you do other authentication,
based on rsakey, x.509 certs or xauth, then you don't care which is used
at all.

So separate the IP restrictions from the ipsec authentication. If you
only want two IPs to be able to establish ipsec tunnels, use firewall
rules for that.

Paul
-- 

<Reverend> IRC is just multiplayer notepad.
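
Added example, not part of the original message: one way to express the "use firewall rules for that" advice, keeping the IP allow-list in the packet filter while the tunnel itself authenticates by certificate. It assumes an iptables host firewall and the usual IPsec traffic (IKE on UDP 500, NAT-T on UDP 4500, ESP); the function names and the two peer addresses are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Peer addresses are constructed
# (documentation ranges). Prints iptables commands for review; run them as root.

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: ipsec_peer_rules <peer-ip> [<peer-ip> ...]
ipsec_peer_rules() {
    [ "$#" -gt 0 ] || { echo "need at least one peer address" >&2; return 1; }
    # Validate everything first so a typo never yields a partial rule set.
    for peer in "$@"; do
        valid_ipv4 "$peer" || { echo "bad address: $peer" >&2; return 1; }
    done
    for peer in "$@"; do
        echo "iptables -A INPUT -s $peer -p udp --dport 500 -j ACCEPT"   # IKE
        echo "iptables -A INPUT -s $peer -p udp --dport 4500 -j ACCEPT"  # NAT-T
        echo "iptables -A INPUT -s $peer -p esp -j ACCEPT"               # ESP
    done
    # Everyone else is dropped before the IKE daemon ever sees the packet.
    echo "iptables -A INPUT -p udp --dport 500 -j DROP"
    echo "iptables -A INPUT -p udp --dport 4500 -j DROP"
    echo "iptables -A INPUT -p esp -j DROP"
}

# Sample run with the two constructed peer addresses.
ipsec_peer_rules 192.0.2.10 198.51.100.20
```

The ACCEPT rules must be appended before the DROP rules, which is the order the function prints them in.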



