[Openswan Users] [Openswan dev] Road warrior in aggressive mode can not use %any entry in ipsec.secrets if rightid (other than IP) is specified
hiren joshi
joshihirenn at gmail.com
Tue Dec 23 05:31:53 EST 2008
Thanks for the reply.
I think specifying this behavioral difference (Main vs. Aggressive) will help.
Regards,
-hiren
> That's right. From the man page:
>
> In the case of a "Road Warrior" connection, if an equal match
> is not found for the Peer's ID, and it is in the form of an IP
> address, an index of %any will match the peer's IP address if
> IPV4 and %any6 will match the peer's IP address if IPV6.
>
>> My guess is that, as in aggressive mode the ID is sent in plain, it is to
>> prevent an existing road warrior user from using another user's ID.
>
> The only reason for using Aggressive Mode instead of Main Mode,
> is that you can specify the ID early enough to give different
> PSKs to each roadwarrior. If you are going to use the same PSK
> for everyone, you might as well use Main Mode.
>
> Paul
>
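
The lookup rule quoted from the man page above, as an added example that is not part of the original thread and is not Openswan's code. It is a simplified model: it matches only the peer's ID against each entry's index list, and the secrets lines, IDs and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample in ipsec.secrets style: index list, " : PSK ", quoted secret.
SAMPLE_SECRETS = '''
@alice.example.com : PSK "alice-secret"
192.0.2.10 : PSK "host-secret"
%any : PSK "shared-v4"
%any6 : PSK "shared-v6"
'''

def parse_secrets(text):
    """Return a list of (indices, secret) from simplified PSK lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        indices, sep, rest = line.partition(" : PSK ")
        if sep:
            entries.append((indices.split(), rest.strip().strip('"')))
    return entries

def ip_version(peer_id):
    """Return 4 or 6 if the ID is an IP address, otherwise None."""
    try:
        return ipaddress.ip_address(peer_id).version
    except ValueError:
        return None

def lookup_psk(entries, peer_id):
    """Model of the quoted rule: exact ID match first, wildcard only for IP IDs."""
    for indices, secret in entries:
        if peer_id in indices:
            return secret
    # %any / %any6 are considered only when the peer's ID is an IP address,
    # so an FQDN-style ID with no entry of its own gets no PSK at all.
    wildcard = {4: "%any", 6: "%any6"}.get(ip_version(peer_id))
    if wildcard is None:
        return None
    for indices, secret in entries:
        if wildcard in indices:
            return secret
    return None

if __name__ == "__main__":
    entries = parse_secrets(SAMPLE_SECRETS)
    for pid in ("@alice.example.com", "@bob.example.com",
                "198.51.100.7", "2001:db8::1"):
        print(pid, "->", lookup_psk(entries, pid))
```

The "@bob.example.com" case is the one from the subject line: a non-IP ID falls through the %any entry and needs its own line in the secrets file.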