[Openswan Users] Is it possible to have multiple roaming users for an IPSec Server with PSK
David McCullough
David_Mccullough at securecomputing.com
Mon Dec 8 16:55:23 EST 2008
Jivin Paul Wouters lays it down ...
> On Mon, 8 Dec 2008, PVG Ravi Kumar wrote:
>
> > I am facing some problems when I try to connect multiple roaming users
> > to the IPSec Server with PSK. When I have only one roaming user it is
> > working fine without any problem.
>
> Only with the same PSK.

If you can switch to aggressive mode and configure each end with
left/right IDs then I am pretty sure it's possible to have multiple RW
connections using different PSKs.

If you have to use main mode, as Paul says, you are stuck with
a single PSK for all RW clients.

Cheers,
Davidm
> > conn RoamingUser1
> >     authby=secret
> >     left=192.168.10.173
> >     leftid=@serv.com
> >     leftsubnet=192.168.200.1/24
> >     right=%any
> >     rightid=@roaminguser1.com
> >     ike=3des-sha1-modp1024
> >     auth=esp
> >     esp=3des-sha1
> >     auto=add
> >
> > conn RoamingUser2
> >     authby=secret
> >     left=192.168.10.173
> >     leftid=@serv.com
> >     leftsubnet=192.168.200.1/24
> >     right=%any
> >     rightid=@roaminguser2.com
> >     ike=3des-sha1-modp1024
> >     auth=esp
> >     esp=3des-sha1
> >     auto=add
> >
> >
> > I added the following line to my ipsec.secrets file
> > @serv.com %any : PSK "password"
> >
> > IP of Server:192.168.10.173
> > IP of RoamingUser1: 192.168.10.193
> > IP of RoamingUser2: 192.168.10.178
> >
> > Roaming User side connections
> >
> > conn RoamingUser1
> >     authby=secret
> >     left=%defaultroute
> >     leftid=@roaminguser1.com
> >     right=192.168.10.173
> >     rightid=@serv.com
> >     rightsubnet=192.168.200.1/24
> >     ike=3des-sha1-modp1024
> >     auth=esp
> >     esp=3des-sha1
> >     auto=add
> >
> > ipsec.secrets:
> > @serv.com @roaminguser1.com : PSK "password"
> >
> > conn RoamingUser2
> >     authby=secret
> >     left=%defaultroute
> >     leftid=@roaminguser2.com
> >     right=192.168.10.173
> >     rightid=@serv.com
> >     rightsubnet=192.168.200.1/24
> >     ike=3des-sha1-modp1024
> >     auth=esp
> >     esp=3des-sha1
> >     auto=add
> >
> > ipsec.secrets:
> > @serv.com @roaminguser2.com : PSK "password"
> >
> >
> > It is working fine if I have one connection at a time. When I
> > have both, only the first one is working.
> > I am attaching the log (server side) with this mail
> >
> > Please let me know if I miss anything in the config file or if I need to
> > add anything in the config file.
>
> I think that should work, can you show the logs to see what's going on?
>
> Paul
--
David McCullough, david_mccullough at securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.snapgear.com
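
The main mode versus aggressive mode point made in this reply, as an added example that is not part of the original thread and is not Openswan's own lookup code: a simplified model of how an IKEv1 responder can choose a PSK. The function names, the `SHARED` and `PER_USER` tables and the per-user PSK values are constructed for illustration; the IDs and IP addresses are the ones quoted in the thread.

```python
import hashlib
import hmac

SERVER_ID = "@serv.com"

# Constructed ipsec.secrets-style tables: (local id, peer selector, PSK).
SHARED = [(SERVER_ID, "%any", b"password")]
PER_USER = [
    (SERVER_ID, "@roaminguser1.com", b"constructed-psk-1"),
    (SERVER_ID, "@roaminguser2.com", b"constructed-psk-2"),
]

def select_psk(secrets, peer_ip, peer_id=None):
    """Pick a PSK from what the responder knows when it must derive SKEYID.

    Main mode: the peer ID arrives encrypted in message 5, after the key is
    needed, so peer_id is None and only the source IP (or %any) can match.
    Aggressive mode: the ID is in the first message, so it can match too.
    """
    known = {peer_ip, peer_id} - {None}
    wildcard = None
    for local, selector, psk in secrets:
        if local != SERVER_ID:
            continue
        if selector in known:
            return psk
        if selector == "%any":
            wildcard = psk
    return wildcard

def skeyid(psk, ni, nr):
    # RFC 2409: SKEYID = prf(pre-shared-key, Ni_b | Nr_b); prf is HMAC-SHA1 here.
    return hmac.new(psk, ni + nr, hashlib.sha1).digest()

def phase1_ok(mode, secrets, client_id, client_ip, client_psk):
    """True if both ends derive the same SKEYID (simplified model)."""
    ni, nr = b"\x11" * 16, b"\x22" * 16  # constructed nonces
    peer_id = client_id if mode == "aggressive" else None
    server_psk = select_psk(secrets, client_ip, peer_id)
    if server_psk is None:
        return False
    return hmac.compare_digest(skeyid(client_psk, ni, nr),
                               skeyid(server_psk, ni, nr))
```

In this model a roaming client whose address is unknown in advance can only match a `%any` entry in main mode, which is why every such client ends up on the same PSK; aggressive mode sends the ID unencrypted, which is what allows the per-ID lookup.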