[Openswan Users] roadwarrior with PSK

Paul Wouters paul at xelerance.com
Thu Jun 4 19:19:38 EDT 2009


On Wed, 3 Jun 2009, Sir Thomas wrote:

> I have a question, if I have to use leftid and rightid in each conn, I
> may set into .conf file and .secret file, isn't it?
> If I use leftid/rightid, is it necessary to set left and right with
> their public IPs?
> I read in openswan.org that it's possible to set a multiple roadwarrior
> with PSK using uniqueids=no but the PSK must be the same for all conn.
> Otherwise, my first choice was to use X509, I follow this manual

You should really use X.509 instead of PSK. If one user ever leaves, all
your other users have to change their PSK to a new one for security.

> http://www.natecarlson.com/linux/ipsec-x509.php#changelog
> to create CA but when I execute this line /sslca$ openssl ca -gencrl -out
> crl.pem
> it generates this message error:
> sslca]# openssl ca -gencrl -out crl.pem
> Using configuration from /etc/pki/tls/openssl.cnf
> Enter pass phrase for ../../CA/private/cakey.pem:
> ../../CA/crlnumber: No such file or directory
> error while loading CRL number
> 23025:error:02001002:system library:fopen:No such file or
> directory:bss_file.c:352:fopen('../../CA/crlnumber','r')
> 23025:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
> Do you know what the problem is?

echo "01" > ../../CA/crlnumber

That was a recently added openssl requirement.

Paul
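
Added example (not part of the original message, and not Openswan's or OpenSSL's own code): a shell sketch that builds a throwaway CA in a scratch directory, lets `openssl ca -gencrl` fail while the configured crlnumber file is missing, and then seeds the file as in the reply above. The directory layout, the minimal openssl.cnf and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scratch CA in a constructed directory, not the poster's /etc/pki layout.

make_scratch_ca() {   # $1 = empty directory to hold the CA
    ca_dir=$1
    mkdir -p "$ca_dir/private" "$ca_dir/newcerts"
    : > "$ca_dir/index.txt"          # certificate database, starts empty
    echo "01" > "$ca_dir/serial"     # next certificate serial number
    # Minimal config; \$dir is expanded by openssl, $ca_dir by the shell.
    cat > "$ca_dir/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir              = $ca_dir
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
serial           = \$dir/serial
crlnumber        = \$dir/crlnumber
certificate      = \$dir/cacert.pem
private_key      = \$dir/private/cakey.pem
default_md       = sha256
default_crl_days = 30
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
EOF
    # Self-signed CA certificate with an unencrypted throwaway key (scratch use only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Scratch CA" \
        -config "$ca_dir/openssl.cnf" \
        -keyout "$ca_dir/private/cakey.pem" -out "$ca_dir/cacert.pem" 2>/dev/null
}

gen_crl() {           # $1 = CA directory; returns openssl's exit status
    openssl ca -config "$1/openssl.cnf" -gencrl -out "$1/crl.pem" 2>"$1/gencrl.err"
}

init_crlnumber() {    # $1 = CA directory; seed the counter only if it is absent
    # Never overwrite an existing counter: CRL numbers must keep increasing.
    [ -s "$1/crlnumber" ] || echo "01" > "$1/crlnumber"
}
```

Run `make_scratch_ca`, `gen_crl`, `init_crlnumber`, `gen_crl` in that order against a fresh `mktemp -d` directory; the first `gen_crl` leaves its error text in `gencrl.err`.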

