[Openswan Users] [Bulk] Re: %defaultroute equivalent for ipsec.secrets
andy at andynet.net
Mon Sep 18 10:37:30 EDT 2006
On Mon, 2006-09-18 at 06:08 -0400, Jonathan Coles wrote:

(please copy the mailing list when you send reports like this)

> Andy Gay wrote:
> > Just don't specify your address. E.g.
> > xxx.xxx.xxx.xxx : PSK "pre-shared_secret"
> > or even just
> > : PSK "pre-shared_secret"
> > will work.
> : PSK "pre-shared_secret"
> works and is OK because I always connect to the same VPN
> gateway. Otherwise, couldn't this cause a problem?

Yes. It would require you to use the same PSK for all gateways.

> If I specify
> xxx.xxx.xxx.xxx : PSK "pre-shared_secret"
> xxx.xxx.xxx.xxx 0.0.0.0 : PSK "pre-shared_secret"
> then, I get the error "Can't authenticate: no
> preshared key found for `192.168.0.101' and `xxx.xxx.xxx.xxx'."
> I tried these before. It appears that I have interpreted the
> man page correctly. But the program simply doesn't work that
> way. I am using Openswan version 2.4.4 on Fedora Core 5.
> Perhaps I have found a bug?

Sounds like you may have.
It's probably not a common configuration though for a RW to have
multiple gateways using PSK. Maybe that's why it wasn't noticed before.

> >> I tried %any as mentioned in the ipsec.secrets man page, but
> >> it doesn't work. Error message: "Can't authenticate: no
> >> preshared key found for `192.168.0.101' and `xxx.xxx.xxx.xxx'."

As long as the `xxx.xxx.xxx.xxx' in the error message is EXACTLY what
you have in ipsec.secrets, then I suspect this is a bug.
You should open a bug report on this. Go to
http://www.openswan.org/support/ and follow the 'Bug Reports' links.

> >> Have I misunderstood something?
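An added example, not part of the original message and not Openswan code: a small audit of ipsec.secrets text that reports PSK entries with no indices or a wildcard index (`%any`, `0.0.0.0`), and secrets reused across entries, which is the "same PSK for all gateways" situation discussed above. The function name, the sample file and its addresses are constructed; it assumes one entry per line and IPv4 or name indices (no `include` lines, continuation lines or IPv6 literals).

```python
import re
from collections import defaultdict

# Indices the thread treats as "match anything" (assumption: no others are in use).
WILDCARDS = {"%any", "0.0.0.0"}

# <index list> : <type> <secret>   (IPv6 literal indices are not handled here)
ENTRY = re.compile(r'^(?P<ids>[^:]*):\s+(?P<kind>\w+)\s+(?P<secret>.+?)\s*$')

# Constructed sample; addresses come from the documentation ranges.
SAMPLE = '''\
# constructed ipsec.secrets for the example
192.0.2.10 198.51.100.1 : PSK "secret-for-gw1"
192.0.2.10 198.51.100.2 : PSK "secret-for-gw2"
: PSK "shared-everywhere"
198.51.100.3 %any : PSK "secret-for-gw1"
198.51.100.4 0.0.0.0 : PSK "another"
'''

def audit_psk_scope(text):
    """Return line numbers of wildcard-scoped PSK entries and of reused PSKs.

    Secrets are only used internally for grouping and never returned.
    """
    wildcard = []
    by_secret = defaultdict(list)
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # comment line
        m = ENTRY.match(line)
        if not m or m.group("kind") != "PSK":
            continue                      # blank line or another secret type
        ids = m.group("ids").split()
        # No index at all, or any wildcard index: the secret is not tied
        # to one specific gateway.
        if not ids or WILDCARDS & set(ids):
            wildcard.append(no)
        by_secret[m.group("secret").strip('"')].append(no)
    # The same secret on several lines means several peers share one PSK.
    reused = sorted(lines for lines in by_secret.values() if len(lines) > 1)
    return {"wildcard": wildcard, "reused": reused}

if __name__ == "__main__":
    print(audit_psk_scope(SAMPLE))
```
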