[strongSwan] Asymmetric PSK auth support for IKEv2 tunnel between Cisco-IOS Router and Strongswan

Rajiv Kulkarni rajivkulkarni69 at gmail.com
Tue Oct 4 15:22:27 CEST 2016

OK. I will use only same/symmetric PSK for these tunnels
(you are right, when you look at it, asymmetric-psk is not really required)

Thank you so much for your response and thank you for the info on this
support in strongswan


On Tue, Oct 4, 2016 at 5:54 PM, Tobias Brunner <tobias at strongswan.org>

> Hi Rajiv,
> > Is this supported in Strongswan?
> No.  strongSwan will just use the best matching PSK as determined by
> matching their associated identities against the identities of the
> IKE_SA (PSKs that match the remote identity better are preferred, if
> both match it equally well, the one matching the local identity better
> is preferred).  Here both PSKs match one identity, but only one exactly
> matches the remote identity, so that's the one that gets used for both
> directions.
> Using two secrets like that doesn't really make much sense, though.
> Since a PSK, as the name implies, has to be shared you don't gain
> anything by using two of them between two peers.
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161004/89346d16/attachment.html>

More information about the Users mailing list