[strongSwan] Asymmetric PSK auth support for IKEv2 tunnel between Cisco-IOS Router and Strongswan

Tobias Brunner tobias at strongswan.org
Tue Oct 4 14:24:23 CEST 2016

Hi Rajiv,

> Is this supported in Strongswan?

No.  strongSwan will just use the best matching PSK as determined by
matching their associated identities against the identities of the
IKE_SA (PSKs that match the remote identity better are preferred, if
both match it equally well, the one matching the local identity better
is preferred).  Here both PSKs match one identity, but only one exactly
matches the remote identity, so that's the one that gets used for both

Using two secrets like that doesn't really make much sense, though.
Since a PSK, as the name implies, has to be shared you don't gain
anything by using two of them between two peers.


More information about the Users mailing list