[Openswan Users] Problem with multiple road-warriors and psk
paul at xelerance.com
Thu Sep 21 13:23:19 EDT 2006
On Thu, 21 Sep 2006, Andy Van den Heede wrote:
> How should you configure the ipsec.conf and ipsec.secrets in this
I am not sure I fully know your situation.
> Also for a lot more connections?
If these are all linksys linux based ipsec clients, I would use raw rsa
keys, and not PSK. If these clients are windows behind linksys'es, I
would use an X.509 setup.
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Thursday 21 September 2006 16:53
> To: Andy Van den Heede
> CC: users at openswan.org
> Subject: RE: [Openswan Users] Problem with multiple road-warriors and
> On Wed, 20 Sep 2006, Andy Van den Heede wrote:
> > I did also a test with two different leftid's. Also in main mode....
> > But when the linksys1 tries to build up the tunnel, the openswan tries
> > to bring up the tunnel 2.
> If phase 1 is identical, then the name is arbitrary and get switch
> the tunnel setup.
> > I use aggressive mode because it will be dynamic ip addresses at the
> > external side of the Linksys routers. The setup now is a test network.
> So? Aggressive mode is insecure, and should only be used when forced by
> stupid (read Cisco) setups. Avoid aggressive mode at all cost.
> with PSK, because it allows for brute forcing the PSK. And even without
> the brute forcing, any client can pretend to be the gateway and get
> further credentials.
Building and integrating Virtual Private Networks with Openswan:
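
Added example, not part of the original message and not Openswan's own code: a small Python check that reads an Openswan-style ipsec.conf and lists the conns that combine aggressive mode with PSK, the combination the reply above advises against. The conn names, ids and key value are constructed; it assumes the ipsec.conf(5) defaults aggrmode=no and authby=rsasig, honours conn %default, and ignores also= includes.

```python
# Added example: flag conns that pair IKE aggressive mode with a PSK.
SAMPLE_CONF = """\
# constructed sample, not taken from the thread
conn %default
    authby=secret

conn linksys1
    aggrmode=yes
    right=%any
    rightid=@linksys1.example

conn linksys2
    aggrmode=yes
    authby=rsasig
    right=%any
    rightid=@linksys2.example
    rightrsasigkey=0sPLACEHOLDER

conn linksys3
    right=%any
    rightid=@linksys3.example
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def risky_conns(text):
    """Names of conns whose effective settings are aggrmode=yes with PSK."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    flagged = []
    for name, opts in conns.items():
        eff = {**defaults, **opts}                # conn overrides %default
        aggressive = eff.get("aggrmode", "no").lower() == "yes"
        psk = "secret" in eff.get("authby", "rsasig").lower().split("|")
        if aggressive and psk:
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print(risky_conns(SAMPLE_CONF))
```
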