[Openswan Users] [Bulk] Re: %defaultroute equivalent for ipsec.secrets

Paul Wouters paul at xelerance.com
Mon Sep 18 11:32:06 EDT 2006


On Mon, 18 Sep 2006, Andy Gay wrote:

> (please copy the mailing list when you send reports like this)

Indeed, people. Keep using the list, so others can find it in the archive or
Google. If you want private answers, hire a consultant.

> > : PSK "pre-shared_secret"
> > works and is OK because I always connect to the same VPN
> > gateway. Otherwise, couldn't this cause a problem?
> >
> Yes. It would require you to use the same PSK for all gateways.

Which is needed on the server side anyway for all roadwarriors
using the same conn. With PSK you get what you deserve. It does
not scale. Use X.509 if you need to scale.

> > then, I get the error "Can't authenticate: no
> > preshared key found for `192.168.0.101' and `xxx.xxx.xxx.xxx'."
> >
> > I tried these before. It appears that I have interpreted the
> > man page correctly. But the program simply doesn't work that
> > way. I am using Openswan version 2.4.4 on Fedora Core 5.
> > Perhaps I have found a bug?

Did you restart openswan after editing ipsec.secrets, or run the
command "ipsec secrets" to reload them?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

