[strongSwan] KEY_ID encoding
Rajiv Kulkarni
rajivkulkarni69 at gmail.com
Wed Oct 7 00:29:58 CEST 2020
Sorry, there was a typo... I meant to use it as below:
secrets {
    tst1 {
        id = @#0x636973636f617361
        secret = test123456789
    }
}
Would this work?
Thanks
Rajiv
On Wed, Oct 7, 2020 at 3:57 AM Rajiv Kulkarni <rajivkulkarni69 at gmail.com>
wrote:
> Hi
>
> I am also interested to know how to configure with "swanctl.conf"...
> Would this config method work?
>
>
> =================================================
> connections {
>
> ...........
> .....................
>
> remote {
> id = keyid:ciscoasa
> auth = psk
> }
>
> ...
> ..............
>
>
> }
>
>
> secrets {
> tst1 {
> id = @#636973636f617361
> secret = test123456789
> }
> }
> =======================================
>
> With ipsec.conf, I have been configuring as below and this works very
> successfully:
>
> =======================
>
> conn testserver1
> left=172.29.100.74
> right=%any
> leftid=172.29.100.74
> rightid=keyid:svtgrp1
> .....
> auto=add
> ....
>
> and in the ipsec.secrets file, I configured as below:
>
> 172.29.100.74 @#0x73767467727031 : PSK "Admin$123456789"
>
> ============================================================
>
> I am planning to move to swanctl.conf... hence wanting to confirm
>
>
> Thanks & regards
> Rajiv
>
> On Tue, Sep 15, 2020 at 2:16 PM Tobias Brunner <tobias at strongswan.org>
> wrote:
>
>> Hi Volodymyr,
>>
>> > ikev2-cisoasa {
>> > remote_addrs = %any
>> > local { ... }
>> > remote {
>> > auth = psk
>> > id = @#636973636f617361
>>
>> This can't work. The # character is used for comments, so you basically
>> configured an empty FQDN identity. Either wrap this string in quotes
>>
>> id = "@#636973636f617361"
>>
>> or use the keyid: prefix
>>
>> id = keyid:ciscoasa
>>
>> Regards,
>> Tobias
>>
>
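
Added example, not part of the original thread and not strongSwan code: a small linter for the mistake Tobias describes, where an unquoted # in an id value starts a comment and only "@" is left. It assumes a simplified comment model (the first # outside double quotes ends the value); the function names and the sample config are constructed for illustration, and it does not check whether the hex string itself is acceptable to strongSwan.

```python
import re
# Constructed sample built from the configs quoted in this thread.
SAMPLE = '''\
secrets {
    tst1 {
        id = @#636973636f617361
        secret = test123456789
    }
    tst2 {
        id = "@#636973636f617361"
        secret = test123456789
    }
}
'''
ID_LINE = re.compile(r'^\s*id\w*\s*=\s*(.*)$')

def strip_comment(value):
    """Cut at the first '#' outside double quotes (simplified comment model)."""
    in_quotes = False
    for i, ch in enumerate(value):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == '#' and not in_quotes:
            return value[:i].rstrip(), True
    return value.rstrip(), False

def keyid_form(raw):
    """Return keyid:<text> when raw is @#<hex> of printable ASCII, else None."""
    if not raw.startswith('@#'):
        return None
    try:
        text = bytes.fromhex(raw[2:]).decode('ascii')
    except ValueError:  # not plain hex, or not ASCII
        return None
    return 'keyid:' + text if text and text.isprintable() else None

def lint(conf):
    """List (line, value left after the comment cut, quoted form, keyid form)."""
    findings = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        m = ID_LINE.match(line)
        if m:
            raw = m.group(1).strip()
            effective, truncated = strip_comment(raw)
            if truncated:
                findings.append((lineno, effective, f'"{raw}"', keyid_form(raw)))
    return findings

print(lint(SAMPLE))
```

Only the unquoted tst1 entry is reported; the quoted tst2 entry passes.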