Hi Daniel,

> And the trap manager patch here:
> https://git.strongswan.org/?p=strongswan.git;a=commit;h=7b3b674fae4ecc3ae2a1a07a1701dcf6f72b4bd7
>
> Do I need anything else to make it work?

As Stuart already mentioned you'll need the changes in the trap-acquire-tracking branch. And you'll need the reqid changes in 5.3.x.

> Correct me if I'm wrong, this only works with Certificate-based
> authentication (CA) and not Pre-Shared Keys (PSK)?

There is no reason for it not to work with PSKs. Actually, the test scenario uses PSKs (although with a single secret for all hosts). But it works pretty much the same if you want to limit the PSKs to just a group of hosts, just make sure to use appropriate identities, that is, using IP addresses (the default) won't work that well as there is no matching for these (so you'd have to add the same secret for every possible remote IP). But using email addresses or hostnames works fine, then you can e.g. use <host>@<groupid>.example.com as leftid and *@<groupid>.example.com as rightid and define the PSK with that same wildcard identity (this works similarly for hostnames).

Regards,
Tobias
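The group-scoped PSK setup described in the reply above, written out as an added illustration; it is not part of the original message or of the project's test scenario. The conn name, `host1`, `group1`, the subnet and the secret are constructed placeholders, and the non-identity options (`right=%any`, `rightsubnet`, `type`, `auto=route`) are assumptions about a trap-any style connection.

```conf
# --- /etc/ipsec.conf on host1, a member of group1 ---------------------------
conn trap-group1
    right=%any                        # peer address is not known in advance
    rightsubnet=192.0.2.0/24          # constructed: range the group members live in
    # Identities carry the group, so the PSK can be scoped to it.
    leftid=host1@group1.example.com   # <host>@<groupid>.example.com
    rightid=*@group1.example.com      # accept only peers presenting a group1 identity
    authby=secret                     # PSK authentication
    type=transport
    auto=route                        # install trap policy, negotiate on first packet

# --- /etc/ipsec.secrets on host1 --------------------------------------------
# One entry covers every group1 member because the selector is the same
# wildcard identity used as rightid.
*@group1.example.com : PSK "<group1-secret-placeholder>"

# With the default IP address identities there is no wildcard matching,
# so the same secret would have to be listed per possible remote IP:
# 192.0.2.10 : PSK "<group1-secret-placeholder>"
# 192.0.2.11 : PSK "<group1-secret-placeholder>"
# ...
```

A host in a different group uses its own `<groupid>` in `leftid`, `rightid` and the secret selector, so a peer presenting an identity outside `*@group1.example.com` does not match this connection's `rightid`.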
