[strongSwan] ipsec secrets

yordanos beyene yordanosb at gmail.com
Tue Dec 11 08:57:25 CET 2012


Hi strongswan team,

I am using shrewsoft client to connect to strongswan vpn gateway. My
connection uses psk with fully qualified domain name as local and remote
identities.
Contrary to what is noted at
http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets, I am
experiencing different behaviour.

case1)  It accepts one psk selector whether the selector matches the host
or peer. The ipsec secret reference states it should be host selector.
case2)  It accepts ip-address psk though my identities are defined as fqdn.

Example:
authby = secret
left=192.168.100.1
right=192.168.200.1
leftid =  home.net
rightid = office.net
...

I was expecting the above connection would require adding psk with selector
fqdn home.net, and office.net. But strongswan accepts client calls with PSK
defined using IP address selector.

My connection accepted both PSK options below.

192.168.100.1  : PSK mysecret    or
192.168.200.1   :  PSK mysecret

Is this expected? Can anyone please explain to me whether there is a
dependency between PSK selector and connection leftid/rightid?

Is it a bug that it accepts PSK with local host selector only?  Otherwise
there will be no association between connection and PSK, and SS allows
any peer to use PSK defined with local selector only.

Thanks!

Jordan.
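
A defender-side check for the concern raised in the message above, as an added example that is not part of the original post or of strongSwan: it parses ipsec.secrets text and flags PSK entries that are not pinned to both connection identities. The function name, finding labels and sample file are constructed for illustration, and the policy that every PSK entry should name both leftid and rightid is an assumption of this example, not a statement of how strongSwan selects secrets.

```python
import ipaddress

# Constructed sample: the two single-selector entries from the post, plus a
# two-selector FQDN entry and a selector-less entry for comparison.
SAMPLE_SECRETS = """\
# ipsec.secrets (constructed sample, placeholder secrets)
192.168.100.1  : PSK mysecret
192.168.200.1   :  PSK mysecret
home.net office.net : PSK "placeholder-secret"
: PSK "placeholder-secret"
"""

def is_ip(selector):
    try:
        ipaddress.ip_address(selector)
        return True
    except ValueError:
        return False

def audit_psk_selectors(secrets_text, leftid, rightid):
    """Return [(line_no, selectors, findings)] for every PSK entry.

    Assumed policy (this example's, not strongSwan's): each PSK entry must
    name both connection identities so it cannot be used for other peers.
    """
    wanted = {leftid.lstrip("@"), rightid.lstrip("@")}
    report = []
    for line_no, raw in enumerate(secrets_text.splitlines(), 1):
        tokens = raw.split()
        # Selectors and secret type are separated by a whitespace-delimited ":".
        if not tokens or tokens[0].startswith("#") or ":" not in tokens:
            continue
        sep = tokens.index(":")
        if tokens[sep + 1:sep + 2] != ["PSK"]:
            continue  # RSA, EAP, XAUTH ... entries are out of scope here
        selectors = [t.lstrip("@") for t in tokens[:sep]]
        findings = []
        if len(selectors) < 2:
            findings.append("fewer-than-two-selectors")
        if any(s in ("%any", "%any6") for s in selectors):
            findings.append("wildcard-selector")
        if any(is_ip(s) for s in selectors) and not any(map(is_ip, wanted)):
            findings.append("ip-selector-for-fqdn-ids")
        if not wanted.issubset(selectors):
            findings.append("missing-connection-id")
        report.append((line_no, selectors, findings))
    return report

if __name__ == "__main__":
    for entry in audit_psk_selectors(SAMPLE_SECRETS, "home.net", "office.net"):
        print(entry)
```

Entries spread over indented continuation lines and `include` directives are not followed by this check.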