[Openswan Users] Using both PSK and Certificates

Paul Wouters paul at xelerance.com
Tue Mar 29 09:59:14 EDT 2011


On Tue, 29 Mar 2011, Lance Garcia wrote:

> I'm trying to configure my VPN to use both Certificates and PSK. When I look at the man pages for ipsec.conf, it says I
> am allowed to use authby=secret|rsasig to authorise a roadwarrior but when I try to restart the service, IPsec complains
> about the keyword value.
> 
> "ipsec_setup: warning /etc/ipsec.conf: keyword authby, invalid value: secret|rsasig"
> 
> I have tried following https://gsoc.xelerance.com/issues/348 and could not find any instructions or publications
> from http://www.nthdegree.com.au/sverre/publications/141004.html
> 
> Is there a way to add both connections to my ipsec.conf file? Or am I missing something?
> 
> Is it possible that I can have two different connections, one being for PSK roadwarriors and the other being for CERT
> roadwarriors?

This is still an issue. The parser does not understand the "|". Partially because we did not want to allow
these types of connections, as it is hard to get the proper behaviour.

Did you recently (openswan 2.6.x) try to have two connections and see if our updated find_host_connection*()
functions actually find them properly?

If you want the easy way out, run these two on separate IPs on the server side.

Paul
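
The separate-IP layout suggested above, sketched as an added example that is not part of the original message or of the Openswan documentation: each roadwarrior conn is bound to its own server address, so only one authby value applies per address. The addresses (documentation range), conn names, file names and the placeholder secret are assumptions.

```conf
# /etc/ipsec.conf, conn sections only (constructed example)

# Certificate roadwarriors connect to the first server address
conn rw-cert
    left=192.0.2.10                # constructed address
    leftcert=vpn-server.pem        # hypothetical file in /etc/ipsec.d/certs
    leftrsasigkey=%cert
    right=%any
    rightrsasigkey=%cert
    rightca=%same                  # accept only peers issued by the server's CA
    authby=rsasig
    auto=add

# PSK roadwarriors connect to the second server address
conn rw-psk
    left=192.0.2.11                # constructed address
    right=%any
    authby=secret
    auto=add

# Matching /etc/ipsec.secrets entries (one per line in that file):
#   : RSA vpn-server.key "KEY-PASSPHRASE-PLACEHOLDER"
#   192.0.2.11 %any : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"
```

Scoping the PSK line to 192.0.2.11 keeps the shared secret from being offered on the certificate address; a PSK shared by all roadwarriors should still be long and random, since any holder can impersonate the gateway to the others.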

