<div>Hi strongswan team,</div>
<div> </div>
<div>I am using the Shrew Soft client to connect to a strongSwan VPN gateway. My connection uses PSK with fully qualified domain names as local and remote identities.</div>
<div>Contrary to what is noted here "<a href="http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets">http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets</a>", I am experiencing different behaviour.</div>
<div> </div>
<div>case1) It accepts one PSK selector whether the selector matches the host or the peer. The ipsec secret reference states it should be the host selector.</div>
<div>
<div>case2) It accepts an IP-address PSK though my identities are defined as FQDN.</div>
<div> </div></div>
<div>Example:</div>
<div>authby = secret</div>
<div><span lang="EN">left=192.168.100.1</span> </div>
<div>right=192.168.200.1 </div>
<div>leftid = <a href="http://home.net">home.net</a></div>
<div>rightid = <a href="http://office.net">office.net</a></div>
<div>...</div>
<div> </div>
<div>I was expecting that the above connection would require adding a PSK with the FQDN selectors <a href="http://home.net">home.net</a> and <a href="http://office.net">office.net</a>. But strongSwan accepts client calls with a PSK defined using an IP address selector. </div>
<div> </div>
<div>My connection accepted both PSK options below. </div>
<div> </div>
<div>192.168.100.1 : PSK mysecret or </div>
<div>192.168.200.1 : PSK mysecret </div>
<div> </div>
<div>Is this expected? Can anyone please explain to me whether there is a dependency between the PSK selector and the connection leftid/rightid?</div>
<div> </div>
<div>Is it a bug that it accepts a PSK with the local host selector only? Otherwise there will be no association between connection and PSK, and SS allows any peer to use a PSK defined with the local selector only.</div>
<div> </div>
<div>Thanks!</div>
<div> </div>
<div>Jordan.</div>
<div> </div>
<div> </div>