[Swan] Swan Digest, Vol 3, Issue 34
Pavel Kopchyk
pkopchyk at gmail.com
Mon Mar 25 16:38:02 EET 2013
My test case is: Linux, Windows and Mac OS clients use certificates,
mobile clients (Android and iOS) use a PSK.
If I am connected from a Linux or Windows system using a certificate,
then I can't connect with a PSK from Android or iOS.
Is it possible to implement this configuration?

version 2.0

config setup
    interfaces="%defaultroute"
    nat_traversal=yes
    protostack=mast
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.11.30.0/24
    klipsdebug=none
    plutodebug=none
    strictcrlpolicy=no
    uniqueids=yes
    nhelpers=0
    oe=no

conn %default
    sareftrack=yes
    overlapip=yes
    ikelifetime=8h
    keylife=1h
    keyingtries=3
    rekey=no
    pfs=no
    compress=no
    keyexchange=ike
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear

conn L2TP-CERT
    type=transport
    authby=rsasig
    auth=esp
    left=12.X.X.X
    leftrsasigkey=%cert
    leftid=@vpn.test.com
    leftcert="vpn.test.com"
    leftprotoport=17/1701
    right=%any
    rightrsasigkey=%cert
    rightca=%same
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
    auto=add

conn L2TP-PSK
    type=transport
    authby=secret
    left=12.X.X.X
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
    auto=add

Pavel
2013/3/25 Paul Wouters <pwouters at redhat.com>:
> On Mon, 25 Mar 2013, Pavel Kopchyk wrote:
>
> If you change leftid/rightid to be different it will probably work.
>
> Other than testing/benchmarking, is there any valid reason for two
> endpoints to be configured as either RSA or PSK?
>
> Paul