[strongSwan] Asymmetric PSK auth support for IKEv2 tunnel between Cisco-IOS Router and Strongswan
Tobias Brunner
tobias at strongswan.org
Tue Oct 4 14:24:23 CEST 2016
Hi Rajiv,
> Is this supported in Strongswan?
No. strongSwan will just use the best matching PSK as determined by
matching their associated identities against the identities of the
IKE_SA (PSKs that match the remote identity better are preferred, if
both match it equally well, the one matching the local identity better
is preferred). Here both PSKs match one identity, but only one exactly
matches the remote identity, so that's the one that gets used for both
directions.
Using two secrets like that doesn't really make much sense, though.
Since a PSK, as the name implies, has to be shared you don't gain
anything by using two of them between two peers.
Regards,
Tobias
More information about the Users
mailing list