Date: Sat, 22 Jun 2002 12:04:45 -0700
From: "Crist J. Clark"
To: Nick Slager
Cc: security@freebsd.org
Subject: Re: Configuring sainfo in racoon(8)
Message-ID: <20020622120445.C33571@blossom.cjclark.org>

On Sat, Jun 22, 2002 at 05:03:53AM -0500, Nick Slager wrote:
> Thus spake Crist J. Clark (crist.clark@attbi.com):
>
> > my_identifier user_fqdn "cjc@mydomain.org";
> > peer_identifier user_fqdn "cjc@mydomain.org";
> > ...
> > }
> >
> > sainfo user_fqdn "cjc@mydomain.org" user_fqdn "cjc@mydomain.org" {
> > ...
> > }
>
> Your specified sainfo stanza isn't matching (to state the bleedin'
> obvious, as John Cleese would say).

Yep. I realize that. racoon(8) reports it can't find the 'sainfo.'

> Perhaps this misses the point of what you're trying to do, but is there
> some reason you have to use user_fqdn identifiers?
>
> Try using:
>
> my_identifier address;
>
> and change your sainfo stanza to reflect that address.

I want to use 'user_fqdn' because, 1) One end has a dynamic address so
I can't specify 'sainfo' with an address, and 2) I (will) have
different policies for different peers so I do not want to use an
'anonymous' 'sainfo.'

I have no attachment to using 'user_fqdn,' it's just that I don't want
to try to use addresses since one end is dynamic, and 'user_fqdn'
seemed the obvious choice from the racoon.conf(5) docs.
--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org