[Openswan dev] Aggressive Mode and multiple tunnels with different PSK
David McCullough
David_Mccullough at securecomputing.com
Sat Jul 4 00:10:46 EDT 2009
Jivin Paul Wouters lays it down ...
> On Fri, 3 Jul 2009, Frank Eberle wrote:
>
> > I've tried to set up multiple tunnels using aggressive mode with
> > different PSKs. It seems that this does not work. I've searched for a
> > solution and found the following patch
> >
> > http://lists.openswan.org/pipermail/dev/2009-April/002069.html
>
> Looking at the first hunk, I am a little confused about the "shared" nature
> and the printing being wrong. Perhaps Hugh can share some light on that,
> and whether the hunk is right?
>
> As for the second part, I am not sure what the implications are without
> doing some more research.
>
> > Does anybody know if this patch has negative impacts on the security
> > or stability of PLUTO? I'm wondering why the official code does not
> > allow this kind of setup. Some vendors of IPSec gateways allow
> > different tunnels with PSK and aggressive mode.
>
> I thought this was working already? Are you specifying right/left ids in
> your conn that are not just the ip itself?
At first glance I thought, I do this all the time, using left/right ids
and aggressive mode with PSK is probably our most common configuration.
Can you elaborate on the setup that is failing so I can try it here?
Thanks,
Davidm
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
McAfee - SnapGear http://www.snapgear.com http://www.uCdot.org