IPSEC VPN endpoint with multiple road warriors

[mikesg]

After a lot of reading of man pages, I created a basic IKE IPSEC VPN on OpenBSD 4.7 that works great. I've tested it using the Greenbow and Shrewsoft VPN clients from multiple locations and with multiple simultaneous connections (using the same PSK). I would like to be able to have some sort of authentication method that I can control per user, rather than a global key everyone shares. I'm not sure where to go from here though. Most of what I have read online refers to gateway-to-gateway VPN's with the rest of the responses out of date or RTFM replies. Hoping to find some good direction here. TIA!

[mikesg]

Bump. Is it that bad a question? Oo

[jggimi]

OK. I've looked again at your original post. I use neither Greenbow nor Shrewsoft, though I have tested with the latter, a long time ago, and used only shared passphrases.

OpenBSD's ISAKMPD implementation allows four different types of key authentication: shared passphrase, host keys, x509 certificates, and keynote certificates. Host keys (without certificates) are shared key pairs, which are most easily used between OpenBSD instances, and that is all I use in production.

See what your software vendors Greenbow and Shrewsoft can provide, and use that.