On Thu, Oct 11, 2007 at 07:50:50PM +0200, Arnim Sommer wrote:
> Stuart Henderson schrieb:
> > On 2007/10/11 10:18, [EMAIL PROTECTED] wrote:
> >> i want to include the functionality of our old Linksys BEFVP41 into our
> >> new
> >> OpenBSD Router.
> >> First step: PSK
> >> One line like
> >> ike passive esp tunnel from any to <localnet> main ... quick ... psk
> >> <foobar>
> >> in ipsec.conf works.
> >> If I put in a second line with another PSK, only the second one works.
> >> How do I put in multiple PSK into ipsec.conf?
> >
> > With main mode, you need to list IP addresses, but that won't
> > help you for dynamic IP.
> >
> > It might be possible with aggressive mode, but aggressive+psk is
> > a poor combination.
> >
> > You should just setup public-key instead.
>
> Ok, thank you.
> Any hints for trapdoors to avoid?
No, but if things don't work immediately, Google is more likely to be
able to make sense of isakmpd's debug output than you (it's not terribly
readable, but the archives are full of good hints).
Joachim
--
TFMotD: zic (8) - time zone compiler
