[Openswan dev] Aggressive Mode and multiple tunnels with different PSK
paul at xelerance.com
Fri Jul 3 15:39:30 EDT 2009
On Fri, 3 Jul 2009, Frank Eberle wrote:
> I've tried to setup multiple tunnels using aggressive mode with
> different PSKs. It seems that this does not work. I've searched for a
> solution and found the following patch
Looking at the fist hunk, I am a little confused about the "shared" nature
and the printing being wrong. Perhaps Hugh can share some light on that,
and wether the hunk is right?
As for the second part, I am not sure what the implications are without
doing some more research.
> Does anybody know if this patch has negative impacts on the security
> or stability of PLUTO? I'm wondering why the official code does not
> allow this kind of setup. Some vendors of IPSec gateways allow
> different tunnels with PSK and aggressive mode.
I thought this was working already? Are you specifying right/left ids in
your conn that are not just the ip itself?
Thanks for pointing out the patch, it definately needs some closer
More information about the Dev