[strongSwan] KEY_ID encoding

Volodymyr Litovka doka.ua at gmx.com
Wed Oct 7 08:17:33 CEST 2020


Hi Rajiv,

connection:

     remote {
         auth = psk
         id = keyid:test
     }

secrets:

ike-test {
     id = keyid:test
     secret = QuebooNa$976
}


On 07.10.2020 01:29, Rajiv Kulkarni wrote:
> Sorry, there was a typo... I meant to use as below:
>
> secrets {
>     tst1 {
>         id = @#0x636973636f617361
>         secret = test123456789
>     }
> }
>
> would this work?
>
> thanks
> Rajiv
>
>
> On Wed, Oct 7, 2020 at 3:57 AM Rajiv Kulkarni
> <rajivkulkarni69 at gmail.com> wrote:
>
>     Hi
>
>     I am also interested to know how to configure with "swanctl.conf"...
>     Would this config method work?
>
>
>     =================================================
>     connections {
>
>     ...........
>     .....................
>
>     remote {
>         id = keyid:ciscoasa
>         auth = psk
>     }
>
>      ...
>      ..............
>
>
>     }
>
>
>     secrets {
>         tst1 {
>             id = @#636973636f617361
>             secret = test123456789
>         }
>     }
>     =======================================
>
>     With ipsec.conf, I have been configuring as below and this works
>     very successfully:
>
>     =======================
>
>     conn testserver1
>          left=172.29.100.74
>          right=%any
>          leftid=172.29.100.74
>          rightid=keyid:svtgrp1
>     .....
>          auto=add
>     ....
>
>     and in the ipsec.secrets file, I configured as below:
>
>     172.29.100.74  @#0x73767467727031  :   PSK "Admin$123456789"
>
>     ============================================================
>
>     I am planning to move to swanctl.conf... hence wanting to confirm
>
>
>     thanks & regards
>     Rajiv
>
>     On Tue, Sep 15, 2020 at 2:16 PM Tobias Brunner
>     <tobias at strongswan.org> wrote:
>
>         Hi Volodymyr,
>
>         >  ikev2-cisoasa {
>         >     remote_addrs = %any
>         >     local { ... }
>         >     remote {
>         >       auth = psk
>         >       id = @#636973636f617361
>
>         This can't work.  The # character is used for comments, so you
>         basically configured an empty FQDN identity.  Either wrap this
>         string in quotes
>
>              id = "@#636973636f617361"
>
>         or use the keyid: prefix
>
>              id = keyid:ciscoasa
>
>         Regards,
>         Tobias
>
--
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison
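
Added example, not part of the original messages and not strongSwan code: a small Python check for the pitfall Tobias describes, where an unquoted '#' inside an id value is read as the start of a comment. The comment handling is a simplified model of the parser (an assumption), the function names are hypothetical, and the sample config is constructed from values quoted in this thread.

```python
import re

ID_LINE = re.compile(r'^\s*id\s*=\s*(.*)$')

def effective_value(raw):
    """Value left after comment stripping (simplified model: an unquoted
    '#' starts a comment, a double-quoted string keeps it)."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw.split('#', 1)[0].strip()

def keyid_form(value):
    """Map '@#<hex>' to 'keyid:<text>' when the hex is printable ASCII."""
    if not value.startswith('@#'):
        return None
    try:
        text = bytes.fromhex(value[2:]).decode('ascii')
    except ValueError:  # bad hex, or bytes that are not ASCII
        return None
    return 'keyid:' + text if text and text.isprintable() else None

def lint(conf):
    """Return (line_no, token, effective, suggestion) for every unquoted
    id whose token has a '#' glued to it (no whitespace before the '#')."""
    findings = []
    for no, line in enumerate(conf.splitlines(), 1):
        m = ID_LINE.match(line)
        if not m:
            continue
        written = m.group(1).strip()
        pos = written.find('#')
        if written.startswith('"') or pos < 1 or written[pos - 1].isspace():
            continue  # quoted, no '#', or an ordinary trailing comment
        token = written.split()[0]
        findings.append((no, token, effective_value(written), keyid_form(token)))
    return findings

# Constructed sample: the unquoted and the quoted form from this thread.
SAMPLE = '''
secrets {
    tst1 {
        id = @#636973636f617361
    }
    ike-test {
        id = "@#636973636f617361"
    }
}
'''

if __name__ == '__main__':
    for f in lint(SAMPLE):
        print('line %d: %r is read as %r; quote it or use %s' % f)
```
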
