[Openswan dev] Aggressive Mode and multiple tunnels with different PSK

Paul Wouters paul at xelerance.com
Fri Jul 3 15:39:30 EDT 2009

On Fri, 3 Jul 2009, Frank Eberle wrote:

> I've tried to set up multiple tunnels using aggressive mode with
> different PSKs. It seems that this does not work. I've searched for a
> solution and found the following patch
> http://lists.openswan.org/pipermail/dev/2009-April/002069.html

Looking at the first hunk, I am a little confused about the "shared" nature
and the printing being wrong. Perhaps Hugh can share some light on that,
and whether the hunk is right?

As for the second part, I am not sure what the implications are without
doing some more research.

> Does anybody know if this patch has negative impacts on the security
> or stability of PLUTO? I'm wondering why the official code does not
> allow this kind of setup. Some vendors of IPSec gateways allow
> different tunnels with PSK and aggressive mode.

I thought this was working already? Are you specifying right/left ids in
your conn that are not just the ip itself?

Thanks for pointing out the patch, it definitely needs some closer

