Dear Rene,

libreswan does not currently support asymmetric PSK authentication. The ipsec.secret manual page documents that: "Authentication by preshared secret requires that both systems find the identical secret".
Regards,
Vukasin

On Tue, 31 Mar 2020 at 13:17, Rene Neumann <[email protected]> wrote:

> Hello,
>
> We’re trying to configure Libreswan 3.27 with asymmetric PSK auth support
> for IKEv2 tunnels and it would appear that Libreswan is always using authby
> (symmetric) PSK.
>
> This is what we have in the conf file:
>
> conn XXX
>
> #GLOBAL Configuration
> #connaddrfamily=ipv4
> auto=add
> type=tunnel
> mtu=1460
>
> #IKE Configuration
> leftauth=secret
> rightauth=secret
> initial_contact=yes
> keyingtries=%forever
> keyexchange=ike
> nat_keepalive=yes
> ike=aes256-sha256;modp1536
> ikev2=insist
> ikelifetime=60m
> remote_peer_type=cisco
> fragmentation=yes
> dpdaction=hold
> dpdtimeout=5m
> dpddelay=1
> #aggressive=no
>
> #Phase 2 configuration
> pfs=yes
> phase2=esp
> phase2alg=3des-sha256;modp1536
> salifetime=86400s
>
> #Left configuration
> leftid=192.168.100.108
> left=192.168.100.108
> leftsubnet=192.168.101.0/24
>
> #Right configuration
> rightid=192.168.200.165
> right=192.168.200.165
> rightsubnet=192.168.204.0/24
>
> And for the .secrets file:
>
> 192.168.100.108 : PSK "Spoke_Key"
> 192.168.200.165 : PSK "Collector_Key"
>
> We have gone through a lot of permutations and combinations in the secrets
> file.
>
> Some advice would be much appreciated.
>
> *Rene Neumann*
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
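Added example (not part of the original thread and not libreswan code): a Python sketch of the PSK lookup rules documented in the ipsec.secrets man page, run over the two entries quoted in the message above. It is a simplified model (literal ID match and %any only), and the function names and the secret in the corrected entry are assumptions made for illustration.

```python
import re

# Simplified model of the lookup documented in the ipsec.secrets man page
# (assumption: literal ID match and %any only; no DNS, includes or non-PSK entries).
ENTRY = re.compile(r'^(?P<ids>.*?)\s*:\s+PSK\s+"(?P<psk>[^"]*)"')

# The two entries quoted in the thread.
PAGE_SECRETS = '''192.168.100.108 : PSK "Spoke_Key"
192.168.200.165 : PSK "Collector_Key"
'''
# Constructed correction: one entry indexed by both IDs (the secret is a placeholder).
FIXED_SECRETS = '192.168.100.108 192.168.200.165 : PSK "constructed-shared-secret"\n'

def parse_secrets(text):
    """Return [(indices, secret)] for every PSK entry; comments are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = None if line.startswith("#") else ENTRY.match(line)
        if m:
            entries.append((m.group("ids").split(), m.group("psk")))
    return entries

def find_psk(entries, host_id, peer_id):
    """Secret that host_id selects for a tunnel to peer_id, or None."""
    def hit(index, ident):
        return index in ("%any", ident)
    best, best_rank = None, -1
    for ids, psk in entries:
        if not ids:                      # no index: matches any host and peer
            rank = 0
        elif len(ids) == 1:              # one index: compared with the host ID only
            rank = 1 if hit(ids[0], host_id) else -1
        else:                            # several: must cover host and peer
            ok = any(hit(i, host_id) for i in ids) and any(hit(i, peer_id) for i in ids)
            rank = 2 if ok else -1
        if rank > best_rank:             # most specific match wins, first on ties
            best, best_rank = psk, rank
    return best

def both_ends_agree(secrets_text, left_id, right_id):
    """True if each end, given this same file, would select the identical PSK."""
    entries = parse_secrets(secrets_text)
    a = find_psk(entries, left_id, right_id)
    b = find_psk(entries, right_id, left_id)
    return a is not None and a == b
```

With the thread's file, 192.168.100.108 selects only "Spoke_Key" for this tunnel and the "Collector_Key" entry is never consulted on that host, so there is a single secret in play rather than one per direction.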
