[strongSwan] Asymmetric PSK auth support for IKEv2 tunnel between Cisco-IOS Router and Strongswan

Rajiv Kulkarni rajivkulkarni69 at gmail.com
Tue Oct 4 15:22:27 CEST 2016


OK. I will use only same/symmetric PSK for these tunnels
(you are right, when you look at it, asymmetric-psk is not really required)

Thank you so much for your response and thank you for the info on this
support in strongswan

regards
Rajiv


On Tue, Oct 4, 2016 at 5:54 PM, Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Rajiv,
>
> > Is this supported in Strongswan?
>
> No.  strongSwan will just use the best matching PSK as determined by
> matching their associated identities against the identities of the
> IKE_SA (PSKs that match the remote identity better are preferred, if
> both match it equally well, the one matching the local identity better
> is preferred).  Here both PSKs match one identity, but only one exactly
> matches the remote identity, so that's the one that gets used for both
> directions.
>
> Using two secrets like that doesn't really make much sense, though.
> Since a PSK, as the name implies, has to be shared you don't gain
> anything by using two of them between two peers.
>
> Regards,
> Tobias
>
>
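The selection rule described in the quoted reply, modelled as an added example (not part of the original thread and not strongSwan source code). The match scores, the identities `cisco.example` and `strongswan.example`, the secrets, and the peer that signs with one secret and verifies with another are all constructed assumptions.

```python
# Simplified model of the PSK selection rule from the quoted reply.
# Assumptions: the scores, all identities and all secrets are constructed.
EXACT, WILDCARD, NONE = 2, 1, 0

def match(owner, identity):
    """Score how well one owner ID of a secret matches an IKE_SA identity."""
    if owner == identity:
        return EXACT
    return WILDCARD if owner == "%any" else NONE

def select_psk(secrets, local_id, remote_id):
    """Pick one secret per IKE_SA: remote match first, local match as tie-break."""
    best, best_score = None, None
    for owners, psk in secrets:
        m_remote = max((match(o, remote_id) for o in owners), default=NONE)
        m_local = max((match(o, local_id) for o in owners), default=NONE)
        if m_remote == NONE and m_local == NONE:
            continue  # secret is not associated with either identity
        if best_score is None or (m_remote, m_local) > best_score:
            best, best_score = psk, (m_remote, m_local)
    return best

def interop(secrets, local_id, remote_id, peer_sign_key, peer_verify_key):
    """Check both AUTH directions against a hypothetical peer that signs with
    one secret and verifies with another. The lookup has no direction input,
    so the same selected key is used to verify the peer and to sign."""
    key = select_psk(secrets, local_id, remote_id)
    return {"we_accept_peer": key == peer_sign_key,
            "peer_accepts_us": key == peer_verify_key}

# Constructed configuration on the modelled side: one secret per identity.
ASYMMETRIC = [(["cisco.example"], "secret-A"),
              (["strongswan.example"], "secret-B")]
SYMMETRIC = [(["cisco.example", "strongswan.example"], "secret-S")]

if __name__ == "__main__":
    ids = ("strongswan.example", "cisco.example")  # (local, remote)
    print(select_psk(ASYMMETRIC, *ids))
    print(interop(ASYMMETRIC, *ids, "secret-A", "secret-B"))
    print(interop(SYMMETRIC, *ids, "secret-S", "secret-S"))
```

With the asymmetric pair, exactly one direction authenticates whichever way the peer assigns the two secrets; with a single shared secret both do.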