[Openswan Users] help with bug 348
paul at xelerance.com
Thu Mar 23 23:00:52 CET 2006
On Wed, 22 Mar 2006, Chris Haumesser wrote:
> Thanks, Paul. I've followed your advice, and removed the authby pipe
> syntax from my configs, and added the leftid lines you suggested (please
> see below in case I'm still doing something syntactically incorrect).
It looks right.
> I still have a problem though, somewhere. When I try to connect with a
> PSK, openswan insists on matching it to my x.509 conn, which obviously
> fails; and openswan never even tries the PSK connection.
Okay. I will create a new test case for this today.
> Can you (anyone?) comment at all on bug 348, and/or the procedure
> openswan uses to match incoming connections? I.e., what factors
> determine which conn entry openswan will try to match first, especially
> in the case of multiple right=%any connections?
Our developers are catching up from IETF engagements, so they are a little
> Just to be clear, it is *possible* to have one PSK plus one or more x509
> connections with right=%any, correct?
It should be possible, yes.
> Connection matching seems rather opaque to me, and I feel like I must
> still be missing something...
There does seem to be a bug in this. Does changing the order of the two
conns make the problem go away? Or does it move the problem to the
More information about the Users