[Openswan Users] Virtual interfaces and digital certificates

Hugo Mora humoib at gmail.com
Mon Apr 4 13:23:32 CEST 2005


Hi all, I need your help.

- I am creating an web interface to manage ipsec connections. Virtual
interfaces limit is set on IPSEC_NUM_IF (now is set to 4), defined on
ipsec_param.h. If my "real" interfaces have some ip addresses,
theorically, users could create a lot of ipsec tunnels, but I don't
know how to reuse

ipsec0=eth0
ipsec1=eth1
ipsec2=eth0:0
ipsec3=eth0:1
ipsec4=eth0:2
ipsec5=eth0:3 ..... And how much??

Setting only "ipsec0=eth0 ipsec1=eth1" doesn't work? Where is my mistake?

- Another question: Do I need the CA certificate on "cacerts/" folder?
I thought that *yes*, but if I delete it, the tunnel still connect...
How the certificates are verifyed?

Thanks a lot!

-- 
-- Hugo Mora [ humoib @ gmail.com ]


More information about the Users mailing list