[Openswan Users] PSK & RSA

Peter McGill petermcgill at goco.net
Mon Sep 11 13:22:37 EDT 2006


> Is it possible to use PSK and RSA certs for separate conns on the same server 
> at the same time?

Yes, with some limitations.
You may use both PSK and RSA for statically defined connections.
(Both left and right IPs are static.)
But you must pick one or the other for each connection.

Where the problem comes in is with road warriors.
(Remote ip address is dynamic/unknown/%any.)
In this case you can only use PSK or RSA for all road warriors.
All road warriors must use the same method.
This confuses and is a problem for some people.

This is how I understand it to work.
Although I haven't worked much with road warrior connections myself.
I can definitely verify that this is how it works for me with statically defined
connections, at least in Openswan 2.2.x -> 2.6.x. I use both on different conns.

Peter McGill
Software Developer / Network Administrator
Gra Ham Energy Limited
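
An added example, not part of the original post and not Openswan code: a small Python check that reads an ipsec.conf and reports whether road-warrior conns (one end set to %any) mix authby methods, the case the reply above describes as a problem. The conn names, addresses and function names are constructed for illustration, and also= includes are not followed.

```python
# Added example, not from the original post. Conn names and addresses below
# are constructed sample values (documentation address ranges).
SAMPLE = """\
conn %default
    authby=rsasig
conn office-psk
    left=192.0.2.1
    right=198.51.100.7
    authby=secret
conn partner-rsa
    left=192.0.2.1
    right=203.0.113.9
conn rw-psk
    left=192.0.2.1
    right=%any
    authby=secret
conn rw-rsa
    left=192.0.2.1
    right=%any
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} with 'conn %default' values merged in."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None  # "config setup" options are not conn options
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def roadwarrior_auth(text):
    """Map each authby value to the road-warrior conns (one end %any) using it."""
    methods = {}
    for name, opts in parse_conns(text).items():
        if "%any" in (opts.get("left"), opts.get("right")):
            # Assumption: an unset authby is treated as rsasig (ipsec.conf default).
            methods.setdefault(opts.get("authby", "rsasig"), []).append(name)
    return methods

def mixed_roadwarrior_auth(text):
    """True when road-warrior conns do not all share one authby method."""
    return len(roadwarrior_auth(text)) > 1
```

On the constructed sample, the two static conns (office-psk, partner-rsa) are ignored by the check, while rw-psk and rw-rsa are reported as using different methods.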

