That is a good point :) Is using a certificate for the responder and a PSK for the initiator supported?
/Ryan On 7/7/15, 3:25 PM, "Noel Kuntze" <[email protected]> wrote: > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA256 > >Hello Ryan, >Asymettric PSKs are not supported >and completely useless, as they're shared. >Both sides know them. >Using different keys on either side gains no security whatsoever. > >Mit freundlichen Grüßen/Kind Regards, >Noel Kuntze > >GPG Key ID: 0x63EC6658 >Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 > >Am 07.07.2015 um 21:23 schrieb Ruel, Ryan: >> I am trying to configure a connection where I use an FQDN identifier >>for my local ID, and an e-mail address for the remote identifier. >> >> Both use the same domain name. >> >> I have set a secret for each in ipsec.secrets, which I would like to be >>asymmetric. >> >> What I find, however, is that strongSwan is using "abc123" for both >>keys. I can verify this with a Cisco CSR by setting the local and >>remote pre-shared key to abc123, and the connection comes up. >> >> Is there a way to do this? >> >> /Ryan >> >> ipsec.secrets: >> @foo.bar.com : PSK 123abc >> [email protected] : PSK abc123 >> >> ipsec.conf: >> conn test >> auto=add >> authby=secret >> leftid="foo.bar.com" >> right=%any >> rightid="*foo.bar.com" >> >> >> >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v2 > >iQIcBAEBCAAGBQJVnCe2AAoJEDg5KY9j7GZYyKAP/A9pqEfJtplohCuROjQNyVFX >1OjhxpCf5rJxB7CN4UJ01pW3RFF84ynof5ogbp8rExRj4JsXnx7KctAD+R1mYqHt >vOk1B+ykUbejKkwJlovCtmuzrU7aCWItf9yrNKI2VWfSO0+Q84GS6yrxE/ZiYR8t >GYkA1ZZpV4GMNXUTY4TcQPT8aBlYoE7AQjlxdlqi37RoKwk8wuD9+GdDhw1HekVX >CYb8dur4EZCZtfqZgowOMJBUjB0k1RawLVHszEiNAOp7S2Iu1nq8A31zEQV5/mF4 >AjXmLPHvNMf64R6tVvMa7y1c9ZVYx+4y0laVRGgwZSzwdWrVfqTcGERAeKTIPq38 >IuZVkpbTTXUWLxVupM1HfJPNjINerxS6MnCYUYhxygAh/N4d8qNDsNlEu5JMU1Z/ >X2eS1ooamw2Oow/iL63REiNGjzIEnq6w7u4mSi5aAbz5YWRm4gall7Nm0QRFlkPt >2cERaFla+8u7ikLOIqA5eNI0tEFbmwuQSy3yOo7BA66sFWt3new7MbyYxYFf59M6 >9Oz8WSQabXvMszXXs0eSVw4DIomIjfEInTJX3qE9mpjg5+l9eD/ir8oM3ooUp8UM >9P474b5CMaNulHe33YLprjZr7O9mliqiwXevH+kA/npQaf5Or+sSL0rSVtsf6bre >UfIJ3CtS7Dhl7rv2+Dt7 >=o39j >-----END PGP SIGNATURE----- > _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
