[Openswan Users] multiple authentication methods for road warriors

John A. Sullivan III john.sullivan at nexusmgmt.com
Mon Oct 11 20:21:35 CEST 2004


Did you load the new connection?
ipsec auto --add newvpn
ipsec auto --up newvpn
I think that's the syntax - John

On Mon, 2004-10-11 at 18:15, Abdul-Wahid Paterson wrote:
> That is what I have done... the "somevpn" is one of the other working
> VPN connections in the ipsec.conf. I haven't tried to actually restart
> ipsec... I just did a reread of the secrets file and added my new
> connection profile, which failed with the message stated in my previous
> email.
> 
> Regards,
> 
> Abdul-Wahid
> 
> On Mon, 11 Oct 2004 18:05:11 -0400, John A. Sullivan III
> <john.sullivan at nexusmgmt.com> wrote:
> > 
> > 
> > On Mon, 2004-10-11 at 17:47, Abdul-Wahid Paterson wrote:
> > > Hi,
> > >
> > > On one of my VPN gateways I have about 25 VPNs with most of them
> > > using RSA sig and a few using X.509. Probably 80% of my tunnels have
> > > dynamic IPs on the other end so I have them specified as %any on my
> > > VPN gateway conf file.
> > >
> > > That has all been working fine. I now though need to connect a Vigor
> > > ADSL router which can only do PSK authentication. However, is it
> > > possible to share PSK authentication alongside RSA and X.509? When I
> > > try I get the error message:
> > >
> > > 023 authentication method disagrees with "somevpn", which is also for
> > > an unspecified peer
> > >
> > > Does this mean it can't be done? Is it a protocol or an implementation
> > > limitation?
> > <snip>
> > Is "somevpn" your %any conn? If so, although I have never done it, I
> > would think you could just create another conn, call it "somepsk" which
> > also uses %any but specifies authby=secret rather than rsasig - John
> > --
> > John A. Sullivan III
> > Chief Technology Officer
> > Nexus Management
> > +1 207-985-7880
> > john.sullivan at nexusmgmt.com
> > ---
> > If you are interested in helping to develop a GPL enterprise class
> > VPN/Firewall/Security device management console, please visit
> > http://iscs.sourceforge.net
> > 
> >
-- 
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan at nexusmgmt.com
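
Added example (not part of the original thread and not Openswan code): a small Python lint that reports, before "ipsec auto --add" is run, the condition the 023 message names, that is, two conns for an unspecified peer (%any) whose authby values differ. The sample config, the conn names other than "somevpn", the addresses, the certificate file name and the rsasig default are assumptions; also= and %default are not handled.

```python
import re
from collections import defaultdict

# Constructed sample; every name except "somevpn" is hypothetical.
SAMPLE_CONF = """\
conn somevpn
    left=192.0.2.1
    right=%any
    authby=rsasig
conn x509-rw
    left=192.0.2.1
    right=%any
    leftcert=gateway.pem
conn vigor-psk
    left=192.0.2.1
    right=%any
    authby=secret
conn fixed-psk
    left=192.0.2.1
    right=198.51.100.7
    authby=secret
"""
DEFAULT_AUTHBY = "rsasig"  # assumption: method used when a conn sets no authby

def parse_conns(text):
    """Return {conn: {key: value}} from a simplified ipsec.conf."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and line[:1] in (" ", "\t") and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        elif line.strip():
            current = None  # "config setup" or another section: skip its keys
    return conns

def find_authby_clashes(text):
    """Pairs of %any conns on one local address whose authby differs."""
    groups = defaultdict(list)
    for name, opts in parse_conns(text).items():
        if opts.get("right") == "%any":  # assumption: right= is the remote peer
            groups[opts.get("left")].append((name, opts.get("authby", DEFAULT_AUTHBY)))
    return [(a, b) for members in groups.values()
            for i, (a, auth_a) in enumerate(members)
            for b, auth_b in members[i + 1:] if auth_a != auth_b]

print(find_authby_clashes(SAMPLE_CONF))
```

The fixed-address PSK conn is not reported because it is not for an unspecified peer; only the %any conns are compared.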


