[strongSwan] Setting PSK keys per connection endpoint via swanctl

Aniruddha Atale udev79 at gmail.com
Thu Apr 30 03:06:04 CEST 2015


Hello Noel,
Thanks for the answer.

--
Thanks,
Aniruddha


On Wed, Apr 29, 2015 at 7:50 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello Aniruddha,
>
> Yes, specify the ID of the participant as ID in the secrets configuration.
>
> Example:
>
> connections {
>         home {
>                 local {
>                         id = home
>                         auth = psk
>                 }
>
>                 remote {
>                         id = gw
>                         auth = psk
>                 }
>                 children {
>                        home {
>                 }
>         }
> }
>
> secrets {
>         ike-home {
>                 id  = gw
>                 secret = foobar
>         }
> }
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 29.04.2015 um 20:52 schrieb Aniruddha Atale:
> > Hello,
> > Is there a way by which I can specify pre-shared-keys per connection
> endpoint. I am looking at examples config files from
> http://www.strongswan.org/uml/testresults/swanctl/ and it seems that I
> can only specify PSK per host-ip and not per pair of IP.
> >
> > In the example below, I have three hosts "home", "carol" and "dave". I
> want host "home" to use different PSK key based on weather its talking to
> carol or dave.
> >
> > Is this possible? What would the file swanctl.conf file look like?
> >
> > --
> > Thanks,
> > Aniruddha
> >
> >
> > -- swanctl.conf example --
> > secrets {
> >   ike-home {
> >       id = 192.168.0.1
> >       secret = 0pBpZAZqEN6Ti9sqt4ZP5EWqrt
> >    }
> > ike-carol {
> >       id = 192.168.0.100
> >       secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
> >    }
> >    ike-dave {
> >       id = 192.168.0.200
> >       secret = 0sjVzONCF02ncsgiSlmIXeqhGN
> >    }
> > }
> >
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.strongswan.org
> > https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJVQW5RAAoJEDg5KY9j7GZYYcoP/1kXd+c/cGtXkKmKlTq0Y4Kz
> MZiR+NRaEN8X+39Ro4LyQBHdj1FBk9aMpqpADsa3v/22lCgUsZfl7vxEIgOE1++L
> A3x5Oiq7NUiVXumeE6TqFN6+7He33lHESejd3BSX1t/deWhFcDjnHC9FmJL+NbSv
> um9ZF8yCfGjdfmilW4AmVDAqLob3/imImGZeW33FI+myWr5k0GFueJM8+jZJle7u
> bxCAdKV8F4spEmOKT5CGUS2IcmCtRlnLqmx4K6tm2rf55f5MVn7RDzC0AvwKmDKb
> z+0b2krBHvOWpix21Ww+8vbrCrH6keNMCcMVzd8AeRgwPgvly8G44Tz3Rj1P1BNl
> /JV2WP8bJ2sow8dF98HCILm21CSLQBB/vPK9B2bqB3LVzUKXz+iR9iBVv2FikcRU
> fLP36bGYVWRzU1GH/bV2+zpd1ELMu4j2JA7tMhBIVAQrhDXo3r7Tg5Hu0kIWvPu1
> RY9tSVmzEniENNDPnAwpZ49mxZikCcfbHqzUq5vZ4ziOqzUlbGe+tiA1n5OFjTfS
> r/a1G6oEzDDDn4Gfe2A6UAdDrVIt2q+fKrD6cCIrg2no6x6bJjmLrU4z3mcH2+sz
> Cc6DvVRx+fSl2oIVL0G0Mlt8TbCBpD6GiAw1b8WyXzok5k6lky/Kv63MV+KaCd4w
> WxaYvfzRFJvBE9tj/rak
> =HtSx
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150429/1613dcbe/attachment-0001.html>


More information about the Users mailing list