[Openswan Users] how to specify domain name in ipsec.secrets

Paul Wouters paul at xelerance.com
Wed Dec 6 17:31:46 EST 2006


On Wed, 6 Dec 2006, Chris Purves wrote:

> I have ipsec working using pre-shared keys with a NATed WinXP client.
> My ipsec host is on a machine with a dynamic IP, so I don't want to have
> to specify the host IP in any of the configuration files.
>
> Currently in ipsec.secrets I have:
>
> 68.149.172.106 %any: PSK "secret"
>
> From the manual page, I think I should be able to replace it with:
>
> @vpn.northfolk.ca %any: PSK "secret"
>
> but this doesn't work and I get the following message in my log:

No, you cannot combine @id with PSK, since the ID is sent after the
PSK has been used. The "@" can only be used for RSA keys.

> This makes me think that the name is not being properly resolved.  How
> can I get this to work?

Just use "%any" without anything else. Yes, it means you can only have one
PSK for all roadwarriors. If that is a problem, switch to X.509.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
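
A small lint for the two points made in the reply above, as an added example that is not part of the original message or of Openswan itself: it flags PSK entries in ipsec.secrets that are selected by an @FQDN ID, and PSK entries that apply to any peer. The single-line entry parsing, the finding codes and the sample file (including the key file name) are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two entries quoted in the thread, the suggested
# "%any" form, and a made-up RSA entry for contrast.
SAMPLE = '''\
# constructed sample ipsec.secrets
68.149.172.106 %any: PSK "secret"
@vpn.northfolk.ca %any: PSK "secret"
%any: PSK "secret"
@vpn.northfolk.ca: RSA example.key
'''

# Assumption: one entry per line, "<indices> : PSK <secret>". The lazy match
# stops at the first ':' followed by PSK, so colons in IPv6 indices are fine.
PSK_ENTRY = re.compile(r'^(?P<idx>.*?)\s*:\s*PSK\b')

MESSAGES = {
    'fqdn-id-with-psk': 'PSK selected by @id; the ID arrives after the PSK is used',
    'psk-any-peer': 'PSK applies to any peer; all roadwarriors share this secret',
}

def lint_secrets(text):
    """Return (line_no, code, index) findings for PSK entries only."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = PSK_ENTRY.match(line)
        if not m:
            continue  # RSA and other entry types are not checked here
        indices = m.group('idx').split()
        if not indices:
            # An entry with no index at all matches any pair of hosts.
            findings.append((no, 'psk-any-peer', ''))
        for idx in indices:
            if idx.startswith('@'):
                findings.append((no, 'fqdn-id-with-psk', idx))
            elif idx in ('%any', '%any6'):
                findings.append((no, 'psk-any-peer', idx))
    return findings

if __name__ == '__main__':
    for no, code, idx in lint_secrets(SAMPLE):
        print(f'line {no}: {idx or "(no index)"}: {MESSAGES[code]}')
```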

