[Openswan Users] roadwarrior with PSK

Paul Wouters paul at xelerance.com
Fri May 29 15:42:46 EDT 2009


On Fri, 29 May 2009, Sir Thomas wrote:

> 
> I am trying to establish a connection between an openswan server and
> roadwarriors.
> Each roadwarrior has a static IP address, and the server does too.
> The roadwarriors have XP and use the ShrewSoft VPN Client to connect. We use
> PSK to authenticate.

> conn madrid
>         type=tunnel
>         authby=secret
>         leftsourceip=10.105.241.253
>         left=<public_ip>
>         leftsubnet=10.105.0.0/16
>         right=<public_ip>
>         rightsubnet=192.168.200.60/32
>         auto=add
>         esp=3des-md5
>         pfs=no
>         keyexchange=ike

> A roadwarrior can establish the tunnel and bring the tunnel up, but
> when they try to connect more than two roadwarriors, one of them drops the
> tunnel.

You need to use different conn's for different roadwarriors, otherwise
openswan thinks they are the machine on a different IP. With PSK's you
need to use leftid= and rightid= and not base them on IP.

The proper solution though, is to switch to X.509 based connections. Then
openswan "instantiates" your conn (copies the conn for each connecting client)

Paul
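
The layout described in the reply above, written out as an added example that is not part of the original thread: one conn per roadwarrior, each with its own rightid= and its own PSK selected by ID in ipsec.secrets. The conn name lisbon, the @...example.net IDs, the 203.0.113.x and 198.51.100.x addresses, the second /32 and the secret strings are constructed placeholders, and it is assumed that each client is configured to send the ID shown.

```conf
# /etc/ipsec.conf (fragment)
# One conn per roadwarrior. The conns share left= (the gateway) and differ
# in right=, rightid= and rightsubnet=, so two peers never share a conn.
# All addresses and IDs below are constructed placeholders.

# Roadwarrior 1: must send the ID @madrid.example.net
conn madrid
        type=tunnel
        authby=secret
        left=203.0.113.10
        leftid=@gw.example.net
        leftsourceip=10.105.241.253
        leftsubnet=10.105.0.0/16
        right=198.51.100.21
        rightid=@madrid.example.net
        rightsubnet=192.168.200.60/32
        auto=add
        esp=3des-md5
        pfs=no
        keyexchange=ike

# Roadwarrior 2: same gateway side, different peer ID, IP and /32
conn lisbon
        type=tunnel
        authby=secret
        left=203.0.113.10
        leftid=@gw.example.net
        leftsourceip=10.105.241.253
        leftsubnet=10.105.0.0/16
        right=198.51.100.22
        rightid=@lisbon.example.net
        rightsubnet=192.168.200.61/32
        auto=add
        esp=3des-md5
        pfs=no
        keyexchange=ike

# /etc/ipsec.secrets (fragment)
# One PSK per ID pair, so a leaked secret exposes a single roadwarrior
# and can be rotated without touching the others.
@gw.example.net @madrid.example.net : PSK "REPLACE-WITH-MADRID-SECRET"
@gw.example.net @lisbon.example.net : PSK "REPLACE-WITH-LISBON-SECRET"
```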

