[Openswan Users] Two networks using PSK as roadwarriors

Paul Wouters paul at xelerance.com
Wed Apr 19 18:07:38 CEST 2006


On Wed, 19 Apr 2006, Daniel Fenert wrote:

> My config:
> --- cut ---
> conn roadwarrior-a-psk
>         type=tunnel
>         authby=secret
>         left=MYIP
>         leftnexthop=MYRTR
>         leftsubnet=192.168.0.0/16
>         right=0.0.0.0

Use right=%any, not 0.0.0.0.

>         rightsubnet=192.168.22.0/24

Note that leftsubnet and rightsubnet overlap. This works for KLIPS, but for NETKEY you
will need to add a conn passthrough route that skips 192.168.22.0/24 from being routed
to /16.

Also, using authby=secret and right=%any means you need some other form of identifying
the incoming connection, so you must use a rightid=@somestring.

> Any ideas how to solve the problem? I cannot use rsasig for these 2 connections
> because both roadwarriors use some small hardware routers where PSK is the
> only option.

Huh? That does not make much sense. The RSAsig is used for the initiation IKE channel,
and every hour at rekey. It is not involved with the packet encryptions. So this
should have no real impact on your device's performance at all.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
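
The three points from the reply above (right=0.0.0.0 instead of %any, authby=secret with an unknown peer address and no rightid, overlapping leftsubnet/rightsubnet) written as a small ipsec.conf check. This is an added example, not part of the original message or of Openswan; the function names and the second sample conn (roadwarrior-a-fixed) are hypothetical, and the sample input is constructed from the quoted config.

```python
import ipaddress

def parse_conns(text):
    """Parse ipsec.conf-style text into {conn name: {option: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop comments and trailing space
        if not line:
            continue
        if not line[0].isspace():                   # section header at column 0
            current = conns.setdefault(line.split()[1], {}) if line.startswith("conn ") else None
        elif current is not None and "=" in line:   # indented option inside a conn
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def lint_conn(name, opts):
    """Return findings for the three points raised in the reply above."""
    findings, right = [], opts.get("right")
    if right == "0.0.0.0":
        findings.append(f"{name}: right=0.0.0.0, use right=%any")
    if opts.get("authby") == "secret" and right in ("%any", "0.0.0.0") and "rightid" not in opts:
        findings.append(f"{name}: PSK with an unknown peer address needs rightid=")
    try:
        lnet = ipaddress.ip_network(opts["leftsubnet"], strict=False)
        rnet = ipaddress.ip_network(opts["rightsubnet"], strict=False)
    except (KeyError, ValueError):
        return findings                             # no plain CIDR pair to compare
    if lnet.overlaps(rnet):
        findings.append(f"{name}: {lnet} overlaps {rnet}, NETKEY needs a passthrough conn")
    return findings

def lint(text):
    return [f for name, opts in parse_conns(text).items() for f in lint_conn(name, opts)]

# Constructed input: the conn from the post, then a hypothetical variant with right=/rightid= applied.
SAMPLE = """
conn roadwarrior-a-psk
        authby=secret
        leftsubnet=192.168.0.0/16
        right=0.0.0.0
        rightsubnet=192.168.22.0/24
conn roadwarrior-a-fixed
        authby=secret
        leftsubnet=192.168.0.0/16
        right=%any
        rightid=@somestring
        rightsubnet=192.168.22.0/24
"""
```

Calling `lint(SAMPLE)` reports all three issues for the first conn and only the subnet overlap for the second.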