[strongSwan-dev] Charon ::- PSK selection based on ID selectors ::

Kumar, Shekhar 1. (NSN - IN/Bangalore) shekhar.1.kumar at nsn.com
Wed Oct 1 09:21:52 CEST 2014

Hi All , 

Could someone please tell me what are the criteria for choosing a PSK from ipsec.secrets based on ID selectors.
I was following the documentation here   :: https://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets . 
Which says " an entry with multiple selectors will match a host and peer if the host ID and peer ID each match one of the selectors."  

But , the current charon implementation seem to select PSK from ipsec.secrets even when only one of (my_id or remote_id) matches. ( multiple selectors mentioned in PSK entry in ipsec.conf)
According to strongswan documentation in case of PSK both my_id and remote_id must match the list of selectors present for the PSK entry in ipsec.conf.


More information about the Dev mailing list