[Openswan Users] Multiple Roadwarriors and strict mode

Paul Wouters paul at xelerance.com
Mon Feb 19 13:48:01 EST 2007


On Mon, 19 Feb 2007, Henry Bürger wrote:

> i have tried to confiugre multiple roadwarriors (right=any) on a VPN
> router. One roadwarrior config used strict mode.
> When i applied this config, i got only some tunnels working, others not.
> In error case, i got log messages like this:

Multiple roadwarriors using the same conn? Or using different conn's?

> authpriv.warn: Feb 16 12:48:27 pluto[16623]: "VPN_RW_1"[2] 217.83.44.139
> #20: policy does not allow OAKLEY_PRESHARED_KEY authentication.
> Attribute OAKLEY_AUTHENTICATION_METHOD

Looks like the roadwarrior us trying PSK, while the conn picked is RSA.

> I guess, what happened was described in ipsec_doi.c (line 2054).
> But unfortunatelly in this case the first
> "picked" right connection has strict mode set on.
>
> I have strict mode patch, seen in bug report 558, applied.

This has nothing to do with strict mode.

It looks like your roadwarrior us not configured properly.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list