[Openswan Users] multiple authentication methods for road warriors

John A. Sullivan III john.sullivan at nexusmgmt.com
Mon Oct 11 19:05:11 CEST 2004


On Mon, 2004-10-11 at 17:47, Abdul-Wahid Paterson wrote:
> Hi,
> 
> On one of my VPN gateways I have  about 25 VPNs with most of them
> using RSA sig and a few using X.509. Probably 80% of my tunnels have
> dynamic IPs on the other end so I have them specified as %any on my
> VPN gateway conf file.
> 
> That has all been working fine. I now though need to connect a Vigor
> ADSL router which can only do PSK authentication. However, is it
> possible to share PSK authentication along side RSA and X.509? When I
> try I get the error message:
> 
> 023 authentication method disagrees with "somevpn", which is also for
> an unspecified peer
> 
> Does this mean it can't be done? Is it a protocol or an implementation
> limitation?
<snip>
Is "somevpn" your %any conn? If so, although I have never done it, I
would think you could just create another conn, call it "somepsk" which
also uses %any but specifies authby=secret rather than rsasig - John
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at nexusmgmt.com
---
If you are interested in helping to develop a GPL enterprise class
VPN/Firewall/Security device management console, please visit
http://iscs.sourceforge.net 



More information about the Users mailing list