Date: Sat, 22 Jun 2002 12:04:45 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Nick Slager <ns@zith.net>
Cc: security@freebsd.org
Subject: Re: Configuring sainfo in racoon(8)
Message-ID: <20020622120445.C33571@blossom.cjclark.org>
In-Reply-To: <20020622050353.A35129@zith.net>; from ns@zith.net on Sat, Jun 22, 2002 at 05:03:53AM -0500
References: <20020618130547.A11688@blossom.cjclark.org> <20020622050353.A35129@zith.net>

On Sat, Jun 22, 2002 at 05:03:53AM -0500, Nick Slager wrote:
> Thus spake Crist J. Clark (crist.clark@attbi.com):
>
> >
> > my_identifier user_fqdn "cjc@mydomain.org";
> > peer_identifier user_fqdn "cjc@mydomain.org";
> > ...
> >
> > }
> >
> > sainfo user_fqdn "cjc@mydomain.org" user_fqdn "cjc@mydomain.org" {
> > ...
> >
> > }
> >
>
> Your specified sainfo stanza isn't matching (to state the bleedin'
> obvious, as John Cleese would say).

Yep. I realize that. racoon(8) reports it can't find the 'sainfo.'

> Perhaps this misses the point of what you're trying to do, but is there
> some reason you have to use user_fqdn identifiers?
>
> Try using:
>
> my_identifier address;
>
> and change your sainfo stanza to reflect that address.

I want to use 'user_fqdn' because,

  1) One end has a dynamic address so I can't specify 'sainfo' with
     an address, and
  2) I (will) have different policies for different peers so I do not
     want to use an 'anonymous' 'sainfo.'

I have no attachment to using 'user_fqdn,' it's just that I don't want
to try to use addresses since one end is dynamic, and 'user_fqdn'
seemed the obvious choice from the racoon.conf(5) docs.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
