[Openswan dev] Aggressive Mode and multiple tunnels with different PSK

David McCullough David_Mccullough at securecomputing.com
Sat Jul 4 00:10:46 EDT 2009


Jivin Paul Wouters lays it down ...
> On Fri, 3 Jul 2009, Frank Eberle wrote:
> 
> > I've tried to set up multiple tunnels using aggressive mode with
> > different PSKs. It seems that this does not work. I've searched for a
> > solution and found the following patch
> >
> > http://lists.openswan.org/pipermail/dev/2009-April/002069.html
> 
> Looking at the first hunk, I am a little confused about the "shared" nature
> and the printing being wrong. Perhaps Hugh can shed some light on that,
> and whether the hunk is right?
> 
> As for the second part, I am not sure what the implications are without
> doing some more research.
> 
> > Does anybody know if this patch has negative impacts on the security
> > or stability of PLUTO? I'm wondering why the official code does not
> > allow this kind of setup. Some vendors of IPSec gateways allow
> > different tunnels with PSK and aggressive mode.
> 
> I thought this was working already? Are you specifying right/left ids in
> your conn that are not just the ip itself?

At first glance I thought, I do this all the time; using left/right ids
and aggressive mode with PSK is probably our most common configuration.

Can you elaborate on the setup that is failing so I can try it here?

Thanks,
Davidm

-- 
David McCullough,  david_mccullough at securecomputing.com,  Ph:+61 734352815
McAfee - SnapGear  http://www.snapgear.com                http://www.uCdot.org

