[Openswan Users] NAT-T and PSK

Paul Wouters paul at xelerance.com
Wed Apr 19 18:00:15 CEST 2006

On Wed, 19 Apr 2006, Brian Candler wrote:

> > PSK security is partially based on the IP address. For NAT-T, this address
> > changes. As a result you can only group the entire internet together in one
> > PSK for "", and all your clients need to know the same secret. The
> > more clients, the more risk your secret is imposed to.
> Unless you use Aggressive Mode.

And use one connection per client? Otherwise you still need a group secret.

Building and integrating Virtual Private Networks with Openswan:
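
The two layouts discussed in this thread, as an added configuration sketch that is not part of the original messages and not taken from the Openswan project: one group secret for roaming NAT-T clients, beside per-client secrets selected by ID in Aggressive Mode with one connection per client. The IDs, secrets, connection names and the 192.0.2.1 gateway address are constructed placeholders, and the option set is an assumption to check against the installed Openswan version.

```conf
# ---- /etc/ipsec.secrets, layout A: Main Mode, clients behind NAT ----
# In Main Mode the responder needs the PSK before it can decrypt the
# peer's ID payload, so it can only select the secret by source address.
# A NAT-T client's address is not known in advance, so the entry has to
# match any peer and every client ends up holding the same secret.
192.0.2.1 %any : PSK "constructed-group-secret"

# ---- /etc/ipsec.secrets, layout B: Aggressive Mode, secret per ID ----
# In Aggressive Mode the ID arrives unencrypted in the first message, so
# the secret can be selected by ID instead of by address.
@gw.example.com @alice.example.com : PSK "constructed-long-random-secret-1"
@gw.example.com @bob.example.com   : PSK "constructed-long-random-secret-2"

# ---- /etc/ipsec.conf for layout B: one conn per client ----
# Caveat: in Aggressive Mode the responder's authentication hash is sent
# before the peer has proven anything, so a captured exchange can be used
# to guess the PSK offline. Use long random secrets, not passphrases.
# Aggressive Mode also takes a single IKE proposal that names the DH group.
conn client-alice
    left=192.0.2.1
    leftid=@gw.example.com
    right=%any
    rightid=@alice.example.com
    authby=secret
    aggrmode=yes
    ike=aes128-sha1-modp1536
    auto=add

conn client-bob
    left=192.0.2.1
    leftid=@gw.example.com
    right=%any
    rightid=@bob.example.com
    authby=secret
    aggrmode=yes
    ike=aes128-sha1-modp1536
    auto=add
```

With layout B, revoking one client means deleting its secret line and its conn; with layout A, any compromised client forces a secret change on all of them.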
