[Openswan Users] Problem with same Certificate ?

Paul Wouters paul at xelerance.com
Tue Aug 11 15:24:28 EDT 2009

On Tue, 11 Aug 2009, Nguyễn Hoàng Anh wrote:

> Today, I tried to configure an IPsec Openswan system with one server and two clients.
> Server ---Client 1 (myCert.pem)
>           \ Client 2  (myCert.pem)
> When I use the same certificate for two clients, I CAN NOT get two tunnels at the same time. I only have one tunnel at a time.
> I don't understand why it is. Please show me why.
> Many thanks!

Do not share certificates with multiple clients.
It would be impossible to detect the same client connecting twice, or one client
connecting once and then appearing again elsewhere. You can tweak this by
setting uniqueids=no, but such a setup is really bad, as all clients share
the same certificate AND private key.
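
The behaviour described in the reply above, as an added example that is not part of the original message and is not Openswan code: a simplified Python model of a gateway's ID-to-tunnel table with uniqueids on and off. The `Gateway` class, the DNs and the addresses are constructed for illustration, and the model assumes each client's IKE ID is the subject DN of its certificate.

```python
# Simplified model of a gateway's tunnel table (not Openswan code).
# Assumption: a client's IKE ID is its certificate subject DN, so clients
# sharing one certificate present the same ID. DNs and IPs are constructed.

class Gateway:
    def __init__(self, uniqueids=True):
        self.uniqueids = uniqueids
        self.tunnels = []  # list of (peer_id, peer_ip)

    def connect(self, peer_id, peer_ip):
        """Accept an authenticated peer; return the tunnels it replaced."""
        replaced = []
        if self.uniqueids:
            # A new connection using a known ID from a different address is
            # treated as the same participant having moved, so the old
            # tunnels under that ID are torn down.
            replaced = [t for t in self.tunnels
                        if t[0] == peer_id and t[1] != peer_ip]
            self.tunnels = [t for t in self.tunnels if t not in replaced]
        if (peer_id, peer_ip) not in self.tunnels:
            self.tunnels.append((peer_id, peer_ip))
        return replaced

    def peers_for(self, peer_id):
        """Addresses currently holding a tunnel under this ID."""
        return [ip for pid, ip in self.tunnels if pid == peer_id]


def simulate(uniqueids, clients):
    """Connect the clients in order and return the gateway afterwards."""
    gw = Gateway(uniqueids)
    for peer_id, peer_ip in clients:
        gw.connect(peer_id, peer_ip)
    return gw


SHARED = "C=XX, O=Example, CN=myCert"  # both clients use myCert.pem
shared_cert = [(SHARED, "192.0.2.10"), (SHARED, "198.51.100.20")]
own_certs = [("C=XX, O=Example, CN=client1", "192.0.2.10"),
             ("C=XX, O=Example, CN=client2", "198.51.100.20")]

if __name__ == "__main__":
    for label, flag, clients in [("shared cert, uniqueids=yes", True, shared_cert),
                                 ("shared cert, uniqueids=no", False, shared_cert),
                                 ("own certs,   uniqueids=yes", True, own_certs)]:
        print(label, "->", simulate(flag, clients).tunnels)
```

With the shared certificate and uniqueids=no both tunnels stay up, but the gateway sees one ID at two addresses and cannot tell which client is which.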

