[Openswan Users] multiple road-warrior with psk

Christophe LAUVERNIER christophe.lauvernier at wanadoo.fr
Tue Nov 4 11:48:17 EST 2008


Hello,

I'm trying to make a tunnel between a Linux Openswan (2.6.18 with netkey)
and some road warriors using the Shrew Soft VPN client.
I use PSK authentication.

Is it possible to use the same PSK with multiple road-warrior connections?

My config files
/etc/ipsec.conf

conn conn1-to-concentrateur
        type=tunnel
        authby=secret
        pfs=yes
        ike=aes128-sha1-modp1536
        esp=aes128-sha1
        dpddelay=1
        dpdtimeout=60
        dpdaction=clear
        left=x.x.x.x            # left = local & right = remote
        leftid=x.x.x.x
        leftnexthop=%defaultroute
        leftsubnet=192.168.42.0/24
        right=%any                  # wildcard, don't know IP address
        rightsubnet=192.168.50.1/32
        rightid=192.168.50.1
        rightnexthop=%defaultroute
        auto=add

conn conn2-to-concentrateur
        type=tunnel
        authby=secret
        pfs=yes
        ike=aes128-sha1-modp1536
        esp=aes128-sha1
        dpddelay=1
        dpdtimeout=60
        dpdaction=clear
        left=x.x.x.x            # left = local & right = remote
        leftid=x.x.x.x
        leftnexthop=%defaultroute
        leftsubnet=192.168.42.0/24
        right=%any
        rightsubnet=192.168.51.1/32
        rightid=192.168.51.1
        rightnexthop=%defaultroute
        auto=add

conn conn3-to-concentrateur
        type=tunnel
        authby=secret
        pfs=yes
        ike=aes128-sha1-modp1536
        esp=aes128-sha1
        dpddelay=1
        dpdtimeout=60
        dpdaction=clear
        left=x.x.x.x            # left = local & right = remote
        leftid=x.x.x.x
        leftnexthop=%defaultroute
        leftsubnet=192.168.42.0/24
        right=%any                  # wildcard, don't know IP address
        rightsubnet=192.168.52.1/32
        rightid=192.168.52.1
        rightnexthop=%defaultroute
        auto=add



/etc/ipsec.secrets

: PSK "toto"

It seems to work but I have error messages.



I want to use the RSA method but I don't know how to do it with my
Shrew Soft client.
I created an RSA key with openssl and extracted the public key, but my
Shrew Soft client with authentication method "Mutual RSA" wants a Server
Certificate Authority File, a Client Certificate File and a Client
Private Key File. Can someone help me? Thanks

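
Added example, not part of the original message and not Openswan code: a small audit check that lists which authby=secret, right=%any connections end up sharing one wildcard PSK, as in the configuration above. The function names are hypothetical, the sample input is constructed from the post, and the matching rule is simplified: a PSK entry with no index, or with a %any index, is treated as matching every peer.

```python
import re
# Constructed sample input, shortened from the configuration quoted in the post.
IPSEC_CONF = """\
conn conn1-to-concentrateur
        authby=secret
        right=%any                  # wildcard peer address
        rightid=192.168.50.1

conn conn2-to-concentrateur
        authby=secret
        right=%any
        rightid=192.168.51.1
"""
IPSEC_SECRETS = ': PSK "toto"\n'

def parse_conns(text):
    """Return {conn name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def psk_indices(text):
    """Return the index list in front of each PSK entry ([] means no index)."""
    entries = []
    for raw in text.splitlines():
        m = None if raw.lstrip().startswith("#") else re.match(r'(.*?):\s*PSK\s+"', raw)
        if m:
            entries.append(m.group(1).split())
    return entries

def roadwarriors_on_wildcard_psk(conf, secrets):
    """Names of authby=secret, right=%any conns when a wildcard PSK exists."""
    # Simplifying assumption: no index, or a %any index, matches every peer.
    if not any(not idx or "%any" in idx for idx in psk_indices(secrets)):
        return []
    return sorted(name for name, opt in parse_conns(conf).items()
                  if opt.get("authby") == "secret" and opt.get("right") == "%any")

if __name__ == "__main__":
    print(roadwarriors_on_wildcard_psk(IPSEC_CONF, IPSEC_SECRETS))
```

Every connection it reports authenticates with the same secret, so revoking one road warrior means changing the PSK for all of them.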