[Openswan Users] Many networks

Thiago Lima thiagolima at webforce.com.br
Wed Feb 9 13:53:31 CET 2005



	I'm using openswan ipsec-ipsec on some Linux servers that are
firewalls/gateways to small local networks.

	I connect from my local network to those networks every time I need
to manage another internal machine in those networks. Then I use vnc or
remotedesktop to connect to each machine.

	In my setup right now I have one certificate for each
connection/firewall and all my users here (I have 4 technicians) use the
same certificate. I believe that is wrong and I want to change this behavior.
I want every technician to have his own certificate and I would like to
revoke them if needed.

	I could just put every certificate in openswan configuration but
that seems difficult to maintain.

	Looking in the openswan site I've seen something about OCSP. Maybe
that's what I'm looking for. 

	Can anyone help me? Is that really what I need? Is there any other
way to centralize all certificates in one server and have all the others ask if the
certificate is valid?

	I'm using Kerberos to authenticate those users in ssh. I'm looking
for something like that for the ipsec connection.


Thanks a lot
Thiago Lima.



	


