[Openswan Users] create pre-share-key for muilt point

Nick Howitt nick at howitts.co.uk
Fri Feb 19 03:17:11 EST 2016 

You can use PSK's, but I think you need to change to either aggressive 
mode or IKEv2. As an alternative, certificates may work instead of PSK's 
but I don't know the certificate set up.

Nick


On 2016-02-19 08:08, MichaelLeung wrote:
> i was wonder is there any way to encrypt data on Router when before
> being sent out , like shadowsocks. and Server just decrypt using the
> same secrets.
> 
> i throw out this problem just because my ike negoinitiation  are
> always interrupted by national firewall.
> 
> On 02/19/2016 10:14 AM, MichaelLeung wrote:
>> so , i can't use seperate secrets when i haven't a public address.
>> 
>> On 02/17/2016 03:53 PM, Nick Howitt wrote:
>>> Yes. Either that or use aggressive mode or ikev2 when you can match 
>>> on left/rightid.
>>> 
>>> Nick
>>> 
>>> 
>>> On 2016-02-17 05:29, MichaelLeung wrote:
>>>> what if one of my site  doesn't have a stable public ip address ? is
>>>> that meaning i have to use %any to match all connection ?
>>>> 
>>>> On 02/17/2016 01:25 PM, MichaelLeung wrote:
>>>> 
>>>>> i had subscriber to the maillist .
>>>>> 
>>>>> On 02/05/2016 10:49 PM, Patrick Naubert wrote:
>>>>> 
>>>>>> Rescued from the spam bucket. Please remember to subscribe to
>>>>>> the mailing list before posting to it.
>>>>>> 
>>>>>> FROM: "Mittelsdorf, Bjoern" <Bjoern.Mittelsdorf at scheer-group.com>
>>>>>> 
>>>>>> SUBJECT: RE: [OPENSWAN USERS] CREATE PRE-SHARE-KEY FOR MUILT POINT
>>>>>> 
>>>>>> DATE: February 5, 2016 at 2:00:33 AM EST
>>>>>> 
>>>>>> TO: "users at lists.openswan.org" <users at lists.openswan.org>
>>>>>> 
>>>>>> Hi Michael,
>>>>>> 
>>>>>> you can (probably should :-) ) use different keys for different
>>>>>> connections.
>>>>>> 
>>>>>> But it will not work with the %any placeholder in the first line,
>>>>>> if I am not mistaken.
>>>>>> 
>>>>>> Cheers
>>>>>> 
>>>>>> Björn
>>>>>> 
>>>>>> 
>>>>> 
>>>> ----------------------------------------------------------------------
>>>>>> From: MichaelLeung <gbcbooksmj at gmail.com>
>>>>>> Subject: [Openswan Users] create pre-share-key for muilt point
>>>>>> 
>>>>>> hi all
>>>>>> 
>>>>>> can we create more than one pre-share-key ?
>>>>>> for example, i have three VPS running on the internet and i want
>>>>>> use different pre-share-key to communicate is it ipsec.secrets
>>>>>> correct ?
>>>>>> #
>>>>>> include /etc/ipsec.d/*.secrets
>>>>>> 192.168.1.1 %any : PSK "sharekey1"
>>>>>> 192.168.1.1 192.168.2.1 : PSK "sharekey2"
>>>>>> 192.168.1.1 192.168.3.1 : PSK "sharekey3"
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Users at lists.openswan.org
>>>>>> https://lists.openswan.org/mailman/listinfo/users [1]
>>>>>> Micropayments:
>>>>>> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy [2]
>>>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>>>> 
>>>>> 
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>>> [3]
>>>> 
>>>> 
>>>> 
>>>> Links:
>>>> ------
>>>> [1] https://lists.openswan.org/mailman/listinfo/users
>>>> [2] https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>> [3] 
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155 
>>>> _______________________________________________
>>>> Users at lists.openswan.org
>>>> https://lists.openswan.org/mailman/listinfo/users
>>>> Micropayments: 
>>>> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>

More information about the Users mailing list