Thanks for the input.  I'll give it a try and let you know how it goes.

From: Jaco Kroon []
Sent: Tuesday, December 13, 2011 23:42
To: Frank Renwick
Subject: Re: [Ipsec-tools-devel] group password in ipsec-tools


Doubt this will ever get merged mainline but I use the attached patch to set a "default" PSK if it can't be normally located.

Tested and in use at at least four different sites.  Diff is against ipsec-tools-0.8.0.

Not as granular as style thing, but the code would be MUCH harder to write, and seeing that I use this with L2TP/IPSec where I really do need the same PSK for the entire internet it's sufficient for my requirements.

Kind Regards,

On 12/14/11 00:26, Frank Renwick wrote:
Hopefully, the following is an appropriate topic for this forum.  If not, don't hesitate to let me know.
I'm writing in search of a way to specify a single ISAKMP pre-shared key
to cover a set of VPN endpoints I'm running in an environment where I want to
share one key between a set of endpoints without manually
defining a separate line in psk.txt for each endpoint.  (Specifically,
I'm using opennhrp, a software package that builds on-demand IPSec
tunnels between endpoints whose IP addresses are unknown apriori.)
At present, the only configuration solution I've found is to manually
identify all of the endpoints in psk.txt:
10,10,1,1 this-is-my-key this-is-my-key
... this-is-my-key
On Cisco routers, there is a capability to use a single ISAKMP key 
to cover an entire subnet.  Example include:
crypto isakmp key this-is-my-key address 10.0.0,0 (covers all of 10.0.0/8)
crypto isakmp key this-is-my-key address  (allows any
IP to connect with this ISAKMP key)
A similar option does not appear to be availalbe in ipsec-tools.  Am I mistaken?
I am using ipsec-tools version 0.8.0:
[root]# racoon -V
@(#)ipsec-tools 0.8.0 (
Compiled with:
- OpenSSL 1.0.0d-fips 8 Feb 2011 (
- IPv6 support
- Dead Peer Detection
- IKE fragmentation
- Hybrid authentication
- NAT Traversal
- Admin port
- Monotonic clock
- Security context
Frank Renwick

Systems Optimization Self Assessment
Improve efficiency and utilization of IT resources. Drive out cost and 
improve service delivery. Take 5 minutes to use this Systems Optimization 
Self Assessment.

Ipsec-tools-devel mailing list