[Openswan dev] Aggressive Mode and multiple tunnels with different PSK

Paul Wouters paul at xelerance.com
Fri Jul 3 15:39:30 EDT 2009


On Fri, 3 Jul 2009, Frank Eberle wrote:

> I've tried to set up multiple tunnels using aggressive mode with
> different PSKs. It seems that this does not work. I've searched for a
> solution and found the following patch
>
> http://lists.openswan.org/pipermail/dev/2009-April/002069.html

Looking at the first hunk, I am a little confused about the "shared" nature
and the printing being wrong. Perhaps Hugh can share some light on that,
and whether the hunk is right?

As for the second part, I am not sure what the implications are without
doing some more research.

> Does anybody know if this patch has negative impacts on the security
> or stability of PLUTO? I'm wondering why the official code does not
> allow this kind of setup. Some vendors of IPSec gateways allow
> different tunnels with PSK and aggressive mode.

I thought this was working already? Are you specifying right/left ids in
your conn that are not just the ip itself?

Thanks for pointing out the patch, it definitely needs some closer
examination.

Paul

