[Openswan Users] PSK & RSA
mylists at blue-matrix.org
Mon Sep 11 20:21:35 EDT 2006
Thanks for the info Peter,
On Tuesday 12 September 2006 3:22 am, Peter McGill wrote:
> > Is it possible to use PSK and RSA certs for separate conns on the same
> > server at the same time?
> Yes, with some limitations.
> If may use both PSK and RSA for statically defined connections.
> (Both left and right ip's are static.)
> But you must pick one or the other for each connection.
> Were the problem comes in is with road warriors.
> (Remote ip address is dynamic/unknown/%any.)
> In this case you can only user PSK or RSA for all road warriors.
> All road warriors must use the same method.
> This confuses and is a problem for some people.
> This is how I understand it to work.
> Although I haven't worked much with road warrior connections myself.
> I can definately verify that this is how it works for me with staticly
> defined connections, at least in Openswan 2.2.x -> 2.6.x. I use both on
> different conns.>>
I use roadwarrior connections with x509 certs & l2tp, & permanent conns with
typical fswan RSA , so I'll need to do some testing to ensure they all play
well together. Nice to know that it is being done contrary to my previous
More information about the Users