Regardless of the end, a line like:

  leftrsasigkey=
  leftrsasigkey2=...

will always add public keys like:

  (generated?) leftid / leftrsasigkey
  (generated?) leftid / leftrsasigkey2

to the list of raw public keys. Left will then try all raw public keys matching <id>.

The problem is that the above aren't tied to "left". Any connection, provided the id matches, will use the raw public key; and sometimes use the wrong one.

Are there any ideas on how to extract us from this quirky mis-feature? For instance:

- let ipsec.secrets define raw public keys?
- come up with a syntax that makes it clear that it is shared?
- tie it to the connection's end somehow?
- drop it?
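The lookup described in the message above, as an added Python model that is not part of the original post and is not libreswan code. It contrasts matching on ID alone with the "tie it to the connection's end" option; the `owner` field, connection names, ID and key strings are constructed for illustration.

```python
# Simplified model of the behaviour described in the message; not libreswan code.
from dataclasses import dataclass


@dataclass(frozen=True)
class RawKey:
    id: str       # the end's ID (leftid)
    key: str      # stands in for the RSA public key material
    owner: tuple  # (connection name, end) that declared it; hypothetical field


def load(conns):
    """Build one raw public key list from every connection's left end."""
    keys = []
    for name, conf in conns.items():
        for opt in ("leftrsasigkey", "leftrsasigkey2"):
            if opt in conf:
                keys.append(RawKey(conf["leftid"], conf[opt], (name, "left")))
    return keys


def candidates_shared(keys, peer_id):
    """Behaviour described in the message: candidates are matched on ID only."""
    return [k.key for k in keys if k.id == peer_id]


def candidates_bound(keys, peer_id, conn):
    """Proposed alternative: the key must also belong to this connection's end."""
    return [k.key for k in keys if k.id == peer_id and k.owner == (conn, "left")]


# Constructed sample: two connections reuse one ID with different keys.
CONNS = {
    "office": {"leftid": "@gw.example", "leftrsasigkey": "KEY-A",
               "leftrsasigkey2": "KEY-A2"},
    "lab": {"leftid": "@gw.example", "leftrsasigkey": "KEY-B"},
}
KEYS = load(CONNS)

if __name__ == "__main__":
    # ID-only matching: "lab" would also be offered office's keys.
    print("shared:", candidates_shared(KEYS, "@gw.example"))
    # End-bound matching: "lab" sees only the key it declared.
    print("bound :", candidates_bound(KEYS, "@gw.example", "lab"))
```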
