<div dir="ltr">You can have server (responder) authenticate itself using certificate and client (initiator) authenticate using PSK<div><br></div><div>something like this, </div><div><br></div><div class="gmail-cye-lm-tag">client</div><div class="gmail-cye-lm-tag"><div class="gmail-cye-lm-tag">  leftauth=secret</div><div class="gmail-cye-lm-tag">  rightauth=pubkey</div></div><div><br></div><div><div class="gmail-cye-lm-tag" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">server</div><div class="gmail-cye-lm-tag" style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><div class="gmail-cye-lm-tag">  leftauth=pubkey</div><div class="gmail-cye-lm-tag">  rightauth=secret</div></div><br class="gmail-Apple-interchange-newline"><br></div><div>Yes you put both the entries in ipsec.secrets</div><div><br></div><div>: RSA  <your_private_key></div><div>: PSK <your secret></div><div><br></div><div><br></div><div>Thanks</div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 7, 2018 at 6:33 AM, Newton, Benjamin David <span dir="ltr"><<a href="mailto:bdnewto@sandia.gov" target="_blank">bdnewto@sandia.gov</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




<div dir="ltr" style="font-size:12pt;color:#000000;background-color:#ffffff;font-family:Calibri,Arial,Helvetica,sans-serif">
<p>Can anyone tell me if strongswan is able to support Authentication using both a pre-shared secret and a digital certificate simultaneously?</p>
<p><br>
</p>
<p>If so, can you give me any pointers on how to configure such a connecton?  Do you keep authby=secret line?  Do you put both entries in the ipsec.secrets file?</p>
<p><br>
</p>
<p>Thanks,</p>
<p>  Ben Newton<br>
</p>
</div>

</blockquote></div><br></div>