[strongSwan] Setting PSK keys per connection endpoint via swanctl

Thu Apr 30 01:50:44 CEST 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Aniruddha,

Yes, specify the ID of the participant as ID in the secrets configuration.

Example:

connections {
        home {
                local {
                        id = home
                        auth = psk
                }

                remote {
                        id = gw
                        auth = psk
                }
                children {
                       home {
                }
        }
}

secrets {
        ike-home {
                id  = gw
                secret = foobar
        }
}

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

Am 29.04.2015 um 20:52 schrieb Aniruddha Atale:
> Hello,
> Is there a way by which I can specify pre-shared-keys per connection endpoint. I am looking at examples config files from http://www.strongswan.org/uml/testresults/swanctl/ and it seems that I can only specify PSK per host-ip and not per pair of IP.
>
> In the example below, I have three hosts "home", "carol" and "dave". I want host "home" to use different PSK key based on weather its talking to carol or dave.
>
> Is this possible? What would the file swanctl.conf file look like?
>
> --
> Thanks,
> Aniruddha
>
>
> -- swanctl.conf example --
> secrets {
>   ike-home {
>       id = 192.168.0.1
>       secret = 0pBpZAZqEN6Ti9sqt4ZP5EWqrt
>    }
> ike-carol {
>       id = 192.168.0.100
>       secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
>    }
>    ike-dave {
>       id = 192.168.0.200
>       secret = 0sjVzONCF02ncsgiSlmIXeqhGN
>    }
> }
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVQW5RAAoJEDg5KY9j7GZYYcoP/1kXd+c/cGtXkKmKlTq0Y4Kz
MZiR+NRaEN8X+39Ro4LyQBHdj1FBk9aMpqpADsa3v/22lCgUsZfl7vxEIgOE1++L
A3x5Oiq7NUiVXumeE6TqFN6+7He33lHESejd3BSX1t/deWhFcDjnHC9FmJL+NbSv
um9ZF8yCfGjdfmilW4AmVDAqLob3/imImGZeW33FI+myWr5k0GFueJM8+jZJle7u
bxCAdKV8F4spEmOKT5CGUS2IcmCtRlnLqmx4K6tm2rf55f5MVn7RDzC0AvwKmDKb
z+0b2krBHvOWpix21Ww+8vbrCrH6keNMCcMVzd8AeRgwPgvly8G44Tz3Rj1P1BNl
/JV2WP8bJ2sow8dF98HCILm21CSLQBB/vPK9B2bqB3LVzUKXz+iR9iBVv2FikcRU
fLP36bGYVWRzU1GH/bV2+zpd1ELMu4j2JA7tMhBIVAQrhDXo3r7Tg5Hu0kIWvPu1
RY9tSVmzEniENNDPnAwpZ49mxZikCcfbHqzUq5vZ4ziOqzUlbGe+tiA1n5OFjTfS
r/a1G6oEzDDDn4Gfe2A6UAdDrVIt2q+fKrD6cCIrg2no6x6bJjmLrU4z3mcH2+sz
Cc6DvVRx+fSl2oIVL0G0Mlt8TbCBpD6GiAw1b8WyXzok5k6lky/Kv63MV+KaCd4w
WxaYvfzRFJvBE9tj/rak
=HtSx
-----END PGP SIGNATURE-----