[Openswan Users] multiple authentication methods for road warriors

Alexander Samad alex at samad.com.au
Tue Oct 12 10:00:41 CEST 2004


Hi

I believe there is a problem with roadwarrior (i.e. %any) and mixing PSK
with RSA or X.509, something to do with being unable to identify the key.

A

On Mon, Oct 11, 2004 at 11:15:41PM +0100, Abdul-Wahid Paterson wrote:
> That is what I have done... the "somevpn" is one of the other working
> VPN connections in the ipsec.conf. I haven't tried to actually restart
> ipsec... I just did a reread of the secrets file and added my new
> connection profile, which failed with the message stated in my previous
> email.
> 
> Regards,
> 
> Abdul-Wahid
> 
> On Mon, 11 Oct 2004 18:05:11 -0400, John A. Sullivan III
> <john.sullivan at nexusmgmt.com> wrote:
> > 
> > 
> > On Mon, 2004-10-11 at 17:47, Abdul-Wahid Paterson wrote:
> > > Hi,
> > >
> > > On one of my VPN gateways I have about 25 VPNs with most of them
> > > using RSA sig and a few using X.509. Probably 80% of my tunnels have
> > > dynamic IPs on the other end so I have them specified as %any on my
> > > VPN gateway conf file.
> > >
> > > That has all been working fine. I now though need to connect a Vigor
> > > ADSL router which can only do PSK authentication. However, is it
> > > possible to share PSK authentication alongside RSA and X.509? When I
> > > try I get the error message:
> > >
> > > 023 authentication method disagrees with "somevpn", which is also for
> > > an unspecified peer
> > >
> > > Does this mean it can't be done? Is it a protocol or an implementation
> > > limitation?
> > <snip>
> > Is "somevpn" your %any conn? If so, although I have never done it, I
> > would think you could just create another conn, call it "somepsk" which
> > also uses %any but specifies authby=secret rather than rsasig - John
> > --
> > John A. Sullivan III
> > Chief Technology Officer
> > Nexus Management
> > +1 207-985-7880
> > john.sullivan at nexusmgmt.com
> > ---
> > If you are interested in helping to develop a GPL enterprise class
> > VPN/Firewall/Security device management console, please visit
> > http://iscs.sourceforge.net
> > 
> >
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 
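A pre-flight check for the condition the 023 message in this thread describes (conns for an unspecified peer whose authentication methods disagree), as an added example that is not part of the original posts or of Openswan: it scans ipsec.conf text for conns whose peer is %any and reports when they do not all share one authby value. The sample config, the conn names other than "somevpn", and treating an unset authby as rsasig are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample config; only the name "somevpn" comes from the thread.
SAMPLE_CONF = """\
conn %default
    left=192.0.2.1

conn somevpn
    right=%any
    authby=rsasig

conn vigor-psk
    right=%any
    authby=secret

conn fixed-peer
    right=198.51.100.7
    authby=secret
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' values folded in.
    Simplification: 'also=' includes are not followed."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            # New section header; anything other than 'conn <name>' is skipped.
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def wildcard_auth_conflicts(text):
    """Group %any conns by authby; more than one group means they disagree."""
    by_auth = defaultdict(list)
    for name, opts in parse_conns(text).items():
        if "%any" in (opts.get("left"), opts.get("right")):
            # Assumption: an unset authby is treated as rsasig.
            by_auth[opts.get("authby", "rsasig")].append(name)
    return dict(by_auth) if len(by_auth) > 1 else {}

if __name__ == "__main__":
    for method, names in wildcard_auth_conflicts(SAMPLE_CONF).items():
        print(f"%any conns using authby={method}: {', '.join(names)}")
```

RSA-signature and X.509 conns both carry authby=rsasig, so they land in the same group; only the authby=secret conn with a %any peer is reported as disagreeing.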