[Openswan Users] Problem with multiple connection in l2tp/ipsec

D h @ v @ l dhaval4linux at yahoo.com
Tue Sep 25 09:37:40 EDT 2007


Hi

I want to connect multiple clients at the same time. The IP addresses are different.

I have removed leftid and rightid from my connection, but still it can't make a connection to anyone. To use a different PSK for each client I have used leftid and rightid, because ipsec - ipsec works fine with that. For creating multiple connections I have added two connections in my ipsec.conf. Here it is:

version 2.0     # conforms to second version of ipsec.conf specification


# basic configuration
config setup
        interfaces=%defaultroute
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes

# Add connections here

conn %default
        keyingtries=3

conn netone
        left=10.10.136.94
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=10.10.136.45
        rightnexthop=%defaultroute
        rightprotoport=17/1701
        authby=secret
        auto=add

conn nettwo
        left=10.10.136.94
        leftnexthop=%defaultroute
        leftprotoport=17/1701
        right=10.10.136.46
        rightnexthop=%defaultroute
        rightprotoport=17/1701
        authby=secret
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Then I have an ipsec.secrets file that looks like:

@10.10.136.94 @10.10.136.45 : PSK "helloworld"
@10.10.136.94 @10.10.136.46 : PSK "hello"

Still it can't make a connection. After starting ipsec I have added those two connections. Here I want to use a different PSK for different clients. Is it possible? How do I make multiple connections with certs? To make multiple connections I have also used leftid and rightid.

Can you tell me how to do that with PSK and certs?

Thanks,
Dhaval

Jacco de Leeuw <jacco2 at dds.nl> wrote: 
Dhaval wrote:

> I want to make multiple connection.

What do you mean? You want to support multiple L2TP/IPsec clients
connecting at the same time? From different IP addresses or from
behind the same NAT device?

> But when I add leftid and rightid in connection to ipsec.conf

Why? Leftid/rightid already default to left/right.

>         leftid=@10.10.136.94
>         rightid=@10.10.136.45

Remove these.

>         auto=start

Use auto=add if the client is a road warrior.

> Without leftid and rightid can I make multiple connection?

If clients are connecting from multiple fixed IP addresses
then create multiple connection sections in ipsec.conf.
If clients have dynamic IP addresses, use right=%any instead.
But then every client will have to use the same PSK. You may
want to switch to certificates instead.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
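The reply above turns on two points: a PSK entry in ipsec.secrets is only used when its selectors match the identities the connection presents, and a right=%any road-warrior conn can only ever be served by one shared PSK. The following checker is an added example, not code from this thread or from Openswan. It embeds the ipsec.conf and ipsec.secrets posted above as constructed sample input (plus a constructed `roadwarrior` conn with right=%any) and classifies each authby=secret conn. It assumes the ID rules as documented in ipsec.conf(5) and ipsec.secrets(5): with no leftid/rightid the identity is the bare IP from left/right, a selector written as `@name` is an FQDN-type ID that is not the same identity as a bare IP address even when the text looks identical, and a secrets line with no selectors is the wildcard entry. The parser is deliberately minimal and handles only the `key=value` and `conn NAME` forms used on this page.

```python
"""Checker for Openswan-style ipsec.conf / ipsec.secrets PSK selectors.

Added example, not code from the thread or from Openswan. Sample inputs are
constructed from the configuration posted above.
"""

SAMPLE_IPSEC_CONF = """\
version 2.0
config setup
        interfaces=%defaultroute
        nat_traversal=yes

conn %default
        keyingtries=3

conn netone
        left=10.10.136.94
        leftprotoport=17/1701
        right=10.10.136.45
        rightprotoport=17/1701
        authby=secret
        auto=add

conn nettwo
        left=10.10.136.94
        leftprotoport=17/1701
        right=10.10.136.46
        rightprotoport=17/1701
        authby=secret
        auto=add

conn roadwarrior        # constructed: dynamic-IP client, as in the reply
        left=10.10.136.94
        right=%any
        authby=secret
        auto=add
"""

# Secrets as posted: selectors written with '@', i.e. FQDN-type IDs.
SAMPLE_IPSEC_SECRETS = """\
@10.10.136.94 @10.10.136.45 : PSK "helloworld"
@10.10.136.94 @10.10.136.46 : PSK "hello"
"""

# Constructed alternative: bare-IP selectors matching the IDs the conns
# present (no leftid/rightid set), plus a wildcard entry that every %any
# client ends up sharing.
FIXED_IPSEC_SECRETS = """\
10.10.136.94 10.10.136.45 : PSK "helloworld"
10.10.136.94 10.10.136.46 : PSK "hello"
: PSK "everyone-gets-this-one"
"""


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}} with 'conn %default' merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section header at column 0
            parts = line.split()
            current = parts[1] if parts[0] == "conn" and len(parts) > 1 else None
            if current is not None:
                sections.setdefault(current, {})
            continue
        if current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}


def parse_ipsec_secrets(text):
    """Return [(selectors, secret_type)]; an empty selector tuple is the wildcard entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        selectors, rest = line.split(":", 1)
        entries.append((tuple(selectors.split()), rest.split()[0]))
    return entries


def selector_matches(selector, identity):
    """Assumed rule: '@name' (FQDN ID) never equals a bare IPv4-address ID."""
    return selector == "%any" or selector == identity


def psk_status(conn, secrets):
    """Classify a conn: not-psk, matched, shared-psk (only a wildcard serves it) or no-psk."""
    if conn.get("authby") != "secret":
        return "not-psk"
    left_id = conn.get("leftid", conn.get("left"))      # identity defaults to the IP
    right_id = conn.get("rightid", conn.get("right"))
    psks = [s for s, t in secrets if t == "PSK"]
    if right_id == "%any":
        # Every dynamic-IP client hits the same entry: a single shared PSK.
        return "shared-psk" if any(s == () or "%any" in s for s in psks) else "no-psk"
    for selectors in psks:
        both = all(any(selector_matches(s, i) for s in selectors) for i in (left_id, right_id))
        if selectors == () or both:
            return "matched"
    return "no-psk"


def check(conf_text, secrets_text):
    """Map every conn name to its PSK status."""
    secrets = parse_ipsec_secrets(secrets_text)
    return {n: psk_status(c, secrets) for n, c in parse_ipsec_conf(conf_text).items()}


if __name__ == "__main__":
    for label, sec in (("as posted", SAMPLE_IPSEC_SECRETS), ("bare-IP selectors", FIXED_IPSEC_SECRETS)):
        print(label, check(SAMPLE_IPSEC_CONF, sec))
```

Run against the secrets as posted, both fixed-IP conns come back `no-psk`, because the `@`-prefixed selectors are FQDN-type IDs while the conns (with leftid/rightid removed, as the reply advises) present bare IP identities. With bare-IP selectors both are `matched`, and the constructed `roadwarrior` conn is `shared-psk`: the checker makes visible that a `%any` PSK conn cannot distinguish clients, which is the reason the reply points to certificates for dynamic-IP clients.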


       
---------------------------------
Need a vacation? Get great deals to amazing places on Yahoo! Travel. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20070925/3277b5a0/attachment.html 

