[Openswan Users] Is it possible to auth by either psk or rsa?

Brad Peterson despite at gmail.com
Thu Jul 15 14:54:27 EDT 2010

On Thu, Jul 15, 2010 at 12:19 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Wed, 14 Jul 2010, Brad Peterson wrote:
>  The authby section of man ipsec.conf(5) says authby can have a value of
>> 'secret|rsasig' to accept either.  I'm running openswan 2.6.25 and
>> get an error using that value:  "WARNING: /etc/ipsec.d/l2tp-psk.conf: 2:
>> keyword authby, invalid value: secret|rsasig"
>> I haven't found any mention in the docs, the git commits, or online of
>> this option being removed.  Was it replaced with anything?
> I think we just never extended the parser for that. I think ideally, we
> would use a new keyword
> for this situation.
> It is a very uncommon scenario, and best avoided btw.
> Paul

I agree of course, and wish I had another way.  But supporting iPhone
clients is a priority, and they don't support certificates for L2TP/IPsec.
 I am hoping a dual-auth setup will let us accept iPhone clients, but still
protect other connections from the man-in-the-middle attacks that PSK's

Am I missing a better way to do this?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100715/abcd278a/attachment.html 

More information about the Users mailing list