[strongSwan] KEY_ID encoding
Rajiv Kulkarni
rajivkulkarni69 at gmail.com
Wed Oct 7 00:27:21 CEST 2020
Hi
Iam also interested to know how to configure with "swanctl.conf"....
would this config method work?
=================================================
connections {
...........
.....................
remote {
id = keyid:ciscoasa
auth = psk
}
...
..............
}
secrets {
tst1 {
id = @#636973636f617361
secret = test123456789
}
}
=======================================
With ipsec.conf, i have been configuring as below and this works very
successfully:
=======================
conn testserver1
left=172.29.100.74
right=%any
leftid=172.29.100.74
rightid=keyid:svtgrp1
.....
auto=add
....
and in the ipsec.secrets file, i configured as below:
172.29.100.74 @#0x73767467727031 : PSK "Admin$123456789"
============================================================
Iam planning to move to swanctl.conf....hence wanting to confirm
thanks & regards
Rajiv
On Tue, Sep 15, 2020 at 2:16 PM Tobias Brunner <tobias at strongswan.org>
wrote:
> Hi Volodymyr,
>
> > ikev2-cisoasa {
> > remote_addrs = %any
> > local { ... }
> > remote {
> > auth = psk
> > id = @#636973636f617361
>
> This can't work. The # character is used for comments, so you basically
> configured an empty FQDN identity. Either wrap this string in quotes
>
> id = "@#636973636f617361"
>
> or use the keyid: prefix
>
> id = keyid:ciscoasa
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20201007/583ac93a/attachment.html>
More information about the Users
mailing list