[Openswan Users] Problem with multiple road-warriors and psk

Paul Wouters paul at xelerance.com
Thu Sep 21 10:52:54 EDT 2006


On Wed, 20 Sep 2006, Andy Van den Heede wrote:

> I also did a test with two different leftid's. Also in main mode....
>
> But when the linksys1 tries to build up the tunnel, the openswan tries
> to bring up the tunnel 2.

If phase 1 is identical, then the name is arbitrary and gets switched midway
through the tunnel setup.

> I use aggressive mode because it will be dynamic ip addresses at the
> external side of the Linksys routers. The setup now is a test network.

So? Aggressive mode is insecure, and should only be used when forced by
stupid (read Cisco) setups. Avoid aggressive mode at all cost. Especially
with PSK, because it allows for brute forcing the PSK. And even without
the brute forcing, any client can pretend to be the gateway and get
further credentials.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
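
Added example, not part of the message above and not Openswan code: a small Python audit that lists the connections in an ipsec.conf that combine aggressive mode with PSK authentication, the combination the reply warns against. The sample configuration and connection names are constructed; the script assumes Openswan's `aggrmode=` and `authby=` keywords with defaults of `no` and `rsasig`, and at most one `also=` per section.

```python
import re

# Constructed sample (not from the thread); conn names are hypothetical.
SAMPLE_CONF = """\
conn %default
    authby=secret
conn linksys1
    right=%any
    aggrmode=yes
conn linksys2
    right=%any
conn rsa-roadwarrior
    authby=rsasig
    aggrmode=yes
"""

def parse_conns(text):
    """Parse 'conn NAME' sections into {name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif raw[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
        else:
            current = None  # 'config setup' or another non-conn section
    return conns

def effective(conns, name, seen=()):
    """Settings in force: %default, then the also= target, then the conn itself."""
    merged = dict(conns.get("%default", {}))
    parent = conns[name].get("also")
    if parent in conns and parent not in seen:   # 'seen' stops also= loops
        merged.update(effective(conns, parent, seen + (name,)))
    merged.update(conns[name])
    return merged

def aggressive_psk_conns(text):
    """Names of conns that negotiate aggressive mode with a pre-shared key."""
    conns = parse_conns(text)
    effs = {n: effective(conns, n) for n in conns if n != "%default"}
    return sorted(n for n, e in effs.items()
                  if e.get("aggrmode", "no").lower() == "yes"
                  and "secret" in e.get("authby", "rsasig").split("|"))
```

Run `aggressive_psk_conns(open("/etc/ipsec.conf").read())` on a gateway to get the list; settings inherited from `conn %default` or `also=` count, which is where this combination tends to hide.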

