[Openswan Users] PSK & RSA

Lewis Shobbrook mylists at blue-matrix.org
Mon Sep 11 20:21:35 EDT 2006

Thanks for the info Peter,

On Tuesday 12 September 2006 3:22 am, Peter McGill wrote:
> > Is it possible to use PSK  and RSA certs for separate conns on the same
> > server at the same time?
> Yes, with some limitations.
> If may use both PSK and RSA for statically defined connections.
> (Both left and right ip's are static.)
> But you must pick one or the other for each connection.
> Were the problem comes in is with road warriors.
> (Remote ip address is dynamic/unknown/%any.)
> In this case you can only user PSK or RSA for all road warriors.
> All road warriors must use the same method.
> This confuses and is a problem for some people.
> This is how I understand it to work.
> Although I haven't worked much with road warrior connections myself.
> I can definately verify that this is how it works for me with staticly
> defined connections, at least in Openswan 2.2.x -> 2.6.x. I use both on
> different conns.>>

I use roadwarrior connections with x509 certs & l2tp, & permanent conns with 
typical fswan RSA , so I'll need to do some testing to ensure they all play 
well together.  Nice to know that it is being done contrary to my previous 



More information about the Users mailing list