[Openswan Users] multiple authentication methods for road warriors

Abdul-Wahid Paterson abdulwahid at gmail.com
Tue Oct 12 00:15:41 CEST 2004


That is what I have done. The "somevpn" is one of the other working
VPN connections in the ipsec.conf. I haven't tried to actually restart
ipsec; I just did a reread of the secrets file and added my new
connection profile, which failed with the message stated in my previous
email.

Regards,

Abdul-Wahid

On Mon, 11 Oct 2004 18:05:11 -0400, John A. Sullivan III
<john.sullivan at nexusmgmt.com> wrote:
> 
> 
> On Mon, 2004-10-11 at 17:47, Abdul-Wahid Paterson wrote:
> > Hi,
> >
> > On one of my VPN gateways I have about 25 VPNs with most of them
> > using RSA sig and a few using X.509. Probably 80% of my tunnels have
> > dynamic IPs on the other end so I have them specified as %any on my
> > VPN gateway conf file.
> >
> > That has all been working fine. I now though need to connect a Vigor
> > ADSL router which can only do PSK authentication. However, is it
> > possible to share PSK authentication alongside RSA and X.509? When I
> > try I get the error message:
> >
> > 023 authentication method disagrees with "somevpn", which is also for
> > an unspecified peer
> >
> > Does this mean it can't be done? Is it a protocol or an implementation
> > limitation?
> <snip>
> Is "somevpn" your %any conn? If so, although I have never done it, I
> would think you could just create another conn, call it "somepsk" which
> also uses %any but specifies authby=secret rather than rsasig - John
> --
> John A. Sullivan III
> Chief Technology Officer
> Nexus Management
> +1 207-985-7880
> john.sullivan at nexusmgmt.com
> ---
> If you are interested in helping to develop a GPL enterprise class
> VPN/Firewall/Security device management console, please visit
> http://iscs.sourceforge.net
> 
>
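
The 023 error quoted in this thread is raised when a conn for an unspecified (%any) peer uses a different authentication method from another %any conn. As an added illustration (not part of the original thread and not Openswan code), this Python check parses an ipsec.conf and lists the %any conns whose authby values disagree. It assumes authby defaults to rsasig, that only conns sharing a local address are compared, and that also= includes are not used; the sample config is constructed.

```python
import re
from collections import defaultdict

# Constructed sample; only "somevpn" and "somepsk" are names from the thread.
SAMPLE_CONF = """\
conn %default
    left=192.0.2.1
conn somevpn
    right=%any
    authby=rsasig
conn x509-roadwarrior   # hypothetical name; no authby, so the default applies
    right=%any
    rightrsasigkey=%cert
conn somepsk
    right=%any
    authby=secret
conn fixed-psk          # hypothetical name; peer address is known
    right=198.51.100.7
    authby=secret
"""

def parse_conns(text):
    """Return {conn: {key: value}} with 'conn %default' merged in (also= not resolved)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # "config setup" or other non-conn content
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def find_authby_conflicts(conns, default_authby="rsasig"):
    """Group conns with a %any peer by local address; return groups mixing authby."""
    groups = defaultdict(dict)
    for name, opts in conns.items():
        left, right = opts.get("left"), opts.get("right")
        if "%any" not in (left, right):
            continue
        local = left if right == "%any" else right
        groups[local][name] = opts.get("authby", default_authby)
    return {k: v for k, v in groups.items() if len(set(v.values())) > 1}
```

Running `find_authby_conflicts(parse_conns(SAMPLE_CONF))` reports the three %any conns together, since "somepsk" uses secret while the other two use rsasig; "fixed-psk" is not reported because its peer address is known.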

