Hello List, I've got this config that is working beautifully :
#ROAD WARRIOR
ike passive from 10.1.2.3 to 10.9.8.0/24 \
peer any \
main auth hmac-sha2-256 enc aes-256 group modp2048 \
quick auth hmac-sha2-256 enc aes-256 \
srcid 192.168.111.1 dstid a...@example.com \
psk some_very_long_and_complicated_key \
tag RoadRunner

However, if I go and copy/paste that snippet in order to lazily create a second user :

#ROAD WARRIOR
ike passive from 10.1.2.4 to 10.9.8.0/24 \
peer any \
main auth hmac-sha2-256 enc aes-256 group modp2048 \
quick auth hmac-sha2-256 enc aes-256 \
srcid 192.168.111.1 dstid b...@example.com \
psk another_very_long_and_complicated_key \
tag RoadRunner

Changing only the from, dstid and psk parameters..... in other words :

--- one.txt2010-03-30 00:00:00.000000000 +0000
+++ two.txt2010-03-30 00:00:00.000000000 +0000
@@ -1,8 +1,8 @@
-#ROAD WARRIOR
-ike passive from 10.1.2.3 to 10.9.8.0/24 \
+#ROAD HOG
+ike passive from 10.1.2.4 to 10.9.8.0/24 \
 peer any \
 main auth hmac-sha2-256 enc aes-256 group modp2048 \
 quick auth hmac-sha2-256 enc aes-256 \
-srcid 192.168.111.1 dstid a...@example.com \
-psk some_very_long_and_complicated_key \
+srcid 192.168.111.1 dstid b...@example.com \
+psk another_very_long_and_complicated_key \
 tag RoadRunner

I am greeted with the following wise words :

# ipsecctl -f /etc/ipsec.conf
/etc/ipsec.conf: 50: default peer psk mismatch
/etc/ipsec.conf: 50: default peer dstid mismatch

Delete my newly added block and it's all happy again.

What am I doing wrong ? Or perhaps more importantly, what part of the man pages have I not FR'd ? ;-)
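
Review bot: `peer any` stays as unchanged context in the diff above while `dstid` and `psk` change, so both `ike passive` blocks still describe the same any-peer and now disagree on exactly the two fields that the quoted ipsecctl errors name ("default peer psk mismatch", "default peer dstid mismatch"). Either keep `psk` and `dstid` identical across every `peer any` block, or give each block its own `peer` address so the two no longer share the default peer. The diff also renames the comment to `#ROAD HOG` while the second block as pasted still reads `#ROAD WARRIOR`, and both blocks keep `tag RoadRunner`, so it is worth confirming which version is actually at line 50 of /etc/ipsec.conf.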