[Openswan Users] Is it possible to have multiple roaming users for an IPSec Server with PSK

PVG Ravi Kumar pvgravi at dlink.co.in
Mon Dec 8 05:00:42 EST 2008


Hello All,

I am using openswan-2.4.13.

I am facing some problems when I try to connect multiple roaming users
to the IPSec Server with PSK. When I have only one roaming user it is
working fine without any problem.

Here is my Server Config file:

# basic configuration
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    klipsdebug=all
    plutodebug=all

conn RoamingUser1
    authby=secret
    left=192.168.10.173
    leftid=@serv.com
    leftsubnet=192.168.200.1/24
    right=%any
    rightid=@roaminguser1.com
    ike=3des-sha1-modp1024
    auth=esp
    esp=3des-sha1
    auto=add

conn RoamingUser2
    authby=secret
    left=192.168.10.173
    leftid=@serv.com
    leftsubnet=192.168.200.1/24
    right=%any
    rightid=@roaminguser2.com
    ike=3des-sha1-modp1024
    auth=esp
    esp=3des-sha1
    auto=add


I added the following line to my ipsec.secrets file:
@serv.com %any : PSK "password"

IP of Server: 192.168.10.173
IP of RoamingUser1: 192.168.10.193
IP of RoamingUser2: 192.168.10.178

Roaming User side connections

conn RoamingUser1
    authby=secret
    left=%defaultroute
    leftid=@roaminguser1.com
    right=192.168.10.173
    rightid=@serv.com
    rightsubnet=192.168.200.1/24
    ike=3des-sha1-modp1024
    auth=esp
    esp=3des-sha1
    auto=add

ipsec.secrets:
@serv.com @roaminguser1.com : PSK "password"

conn RoamingUser2
    authby=secret
    left=%defaultroute
    leftid=@roaminguser2.com
    right=192.168.10.173
    rightid=@serv.com
    rightsubnet=192.168.200.1/24
    ike=3des-sha1-modp1024
    auth=esp
    esp=3des-sha1
    auto=add

ipsec.secrets:
@serv.com @roaminguser2.com : PSK "password"


It is working fine if I have one connection at a time. When I
have both, only the first one is working.
I am attaching the log (server side) with this mail.

Please let me know if I miss anything in the config file or if I need to
add anything in the config file.


Thanks in advance
Ravi

 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec_server_log.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20081208/0b748dda/attachment-0001.txt 

