#3 IP address range + pre-shared keys

racoon
closed
nobody
5
2009-01-16
2004-05-11
Anonymous
No

Hi,

I am trying to configure IPsec across a large network
with pre-shared keys. Windows does this happily.
However, I cannot figure out how to set up the psk.txt
file so that I do not have to have every host listed.
I tried:
192.168.1.0/24 secret

That didn't work.
Anyone have ideas?

Thanks!!!

Discussion

  • Aidas Kasparas

    Aidas Kasparas - 2004-05-12

    Logged In: YES
    user_id=39627

    Wildcards are not supported in that file, sorry. Therefore
    you will need to write down a separate line for every IP in
    your network, if you really need to have the same preshared
    key for all these IPs. Or find another solution. For example,
    use user_fqdn type of identification, if the other side supports it.

    Just to be sure, do you want a *direct* IPsec connection with
    every device in that network, or do you want an IPsec connection
    with a single device which is the gateway for that network? In
    the first case, what is the setup which needs this kind of
    configuration?

    And let me remind you that PSK is considered not very
    strong authentication; even less strong if you intend to
    share the key with hundreds of devices. Do you really want to use it?

     
  • Vijay Sarvepalli

    Logged In: YES
    user_id=78225

    You cannot do this without specifying each IP address
    separately. A simple script might do this for your /24 subnet:

    #!/usr/bin/bash
    # Append one psk.txt line per host address, 192.168.1.1 through 192.168.1.254
    i=1;
    while [ $i -lt 255 ]; do
        echo 192.168.1.$i secret >> psk.txt
        i=`expr $i + 1`;
    done

    Vijay
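
Following on from the two replies above (psk.txt takes one line per address, and one key shared across hundreds of devices weakens the authentication), this added example, which is not part of the original thread or of ipsec-tools, writes a per-host psk.txt for a /24 with a different random key on every line. The function name `gen_psk` and its arguments are hypothetical; it assumes each peer receives its own key out of band.

```shell
#!/bin/sh
# Added example (not from the thread): build psk.txt for a /24 with a
# unique random key per host instead of one shared secret.
# gen_psk, its arguments and the sample prefix are assumptions.

gen_psk() {
    prefix=$1   # first three octets of the /24, e.g. 192.168.1
    out=$2      # path of the psk.txt to create

    # Accept only three dotted decimal octets, each 0-255.
    case $prefix in
        *[!0-9.]*|.*|*.|*..*)
            echo "gen_psk: bad /24 prefix: $prefix" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $prefix; IFS=$old_ifs
    [ $# -eq 3 ] || { echo "gen_psk: need three octets" >&2; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo "gen_psk: octet > 255" >&2; return 1; }
    done

    # Create the file owner-only from the start and refuse to overwrite
    # an existing key file (set -C is noclobber).
    ( umask 077; set -C; : > "$out" ) 2>/dev/null || {
        echo "gen_psk: cannot create $out (already exists?)" >&2; return 1; }

    # One line per host address .1 through .254: "<address> <key>".
    i=1
    while [ "$i" -lt 255 ]; do
        # 24 random bytes rendered as 48 hex characters.
        key=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
        [ "${#key}" -eq 48 ] || { echo "gen_psk: short key" >&2; return 1; }
        printf '%s.%s %s\n' "$prefix" "$i" "$key"
        i=$((i + 1))
    done >> "$out"

    # Keep the key file readable and writable by its owner only.
    chmod 600 "$out"
}

# Usage: gen_psk 192.168.1 ./psk.txt
```

Each peer then gets only the line for its own address, so one leaked key does not expose the rest of the subnet.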

     
  • Timo Teras

    Timo Teras - 2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.

     
  • Timo Teras

    Timo Teras - 2009-01-16
    • status: open --> closed
     
