[Openswan Users] Many networks
Paul Wouters
paul at xelerance.com
Wed Feb 9 21:45:47 CET 2005
On Wed, 9 Feb 2005, Thiago Lima wrote:
> In my setup right now I have one certificate for each
> connection/firewall and all my users here (I have 4 technicians) use the
> same certificate. I believe that is wrong and I want to change this behavior.
> I want every technician to have his own certificate and I would like to
> revoke them if needed.
Just generate three more then.
> I could just put every certificate in openswan configuration but
> that seems difficult to maintain.
You do not need to. If you are using a rightid= for the current certificate,
just change it to use CN=*. But you can also leave out the rightid's if
you are just using one CA cert to sign all 5 of them (4 techs plus vpn server).
> Looking in the openswan site I've seen something about OCSP. Maybe
> that's what I'm looking for.
That is meant for much larger scale things.
> I'm using kerberos to authenticate those users in ssh. I'm looking
> for something like that for the ipsec connection.
You really mean kerberos tickets? Or you mean user/password? If you really
want user/passwd, you need to use XAUTH/ModeConfig, but there is no need
for this.
Paul
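
An ipsec.conf fragment for the setup discussed in the message above, added here as an illustration; it is not from the original post or from the Openswan project. The conn name, the DN components and the certificate file name are placeholders, and the CRL settings are an assumption about how per-technician revocation would be enforced, since the reply does not spell that out.

```conf
# /etc/ipsec.conf (fragment) -- constructed example, all names are placeholders

config setup
    # Assumption: revocation is done with CRLs placed in /etc/ipsec.d/crls/.
    # With strictcrlpolicy=yes a peer is rejected when no valid CRL
    # is available for its issuing CA.
    strictcrlpolicy=yes
    # Reload CRLs every 600 seconds so a revocation takes effect
    # without restarting pluto.
    crlcheckinterval=600

conn technicians
    left=%defaultroute
    # VPN server certificate, signed by the same CA as the technicians'
    leftcert=vpnserver.pem
    # Technicians connect from arbitrary addresses
    right=%any
    # Take each peer's public key from the certificate it presents
    rightrsasigkey=%cert
    # One conn for all four technicians: the wildcard matches any CN,
    # the remaining DN components must match exactly. Per the reply,
    # this line can also be left out when a single CA signs all certs;
    # trust then rests on the CA signature alone.
    rightid="C=XX, O=Example Org, CN=*"
    auto=add
```

Because any certificate from the trusted CA that matches the wildcard is accepted, removing one technician means revoking that certificate at the CA and installing the updated CRL on the gateway; `ipsec auto --rereadcrls` loads it immediately.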