[strongSwan] Asymmetric PSK auth support for IKEv2 tunnel between Cisco-IOS Router and Strongswan
rajivkulkarni69 at gmail.com
Tue Oct 4 15:22:27 CEST 2016
OK. I will use only same/symmetric PSK for these tunnels
(you are right, when you look at it, asymmetric-psk is not really required)
Thank you so much for your response and thank you for the info on this
support in strongswan
On Tue, Oct 4, 2016 at 5:54 PM, Tobias Brunner <tobias at strongswan.org>
> Hi Rajiv,
> > Is this supported in Strongswan?
> No. strongSwan will just use the best matching PSK as determined by
> matching their associated identities against the identities of the
> IKE_SA (PSKs that match the remote identity better are preferred, if
> both match it equally well, the one matching the local identity better
> is preferred). Here both PSKs match one identity, but only one exactly
> matches the remote identity, so that's the one that gets used for both
> Using two secrets like that doesn't really make much sense, though.
> Since a PSK, as the name implies, has to be shared you don't gain
> anything by using two of them between two peers.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users