A correction: ipsec.secrets is the name of the man page, not ipsec.secret

On Thu, 2 Apr 2020 at 22:50, Vukasin Karadzic <[email protected]> wrote:

> Dear Rene,
>
> libreswan does not currently support asymmetric PSK authentication. The
> ipsec.secret manual page documents that:
> "Authentication by preshared secret requires that both systems find the
> identical secret".
>
> Regards,
> Vukasin
>
> On Tue, 31 Mar 2020 at 13:17, Rene Neumann <[email protected]> wrote:
>
>> Hello,
>>
>> We’re trying to configure Libreswan 3.27 with asymmetric PSK auth support
>> for IKEv2 tunnels and it would appear that Libreswan is always using authby
>> (symmetric) PSK.
>>
>> This is what we have in the conf file:
>>
>> conn XXX
>>
>>     #GLOBAL Configuration
>>     #connaddrfamily=ipv4
>>     auto=add
>>     type=tunnel
>>     mtu=1460
>>
>>     #IKE Configuration
>>     leftauth=secret
>>     rightauth=secret
>>     initial_contact=yes
>>     keyingtries=%forever
>>     keyexchange=ike
>>     nat_keepalive=yes
>>     ike=aes256-sha256;modp1536
>>     ikev2=insist
>>     ikelifetime=60m
>>     remote_peer_type=cisco
>>     fragmentation=yes
>>     dpdaction=hold
>>     dpdtimeout=5m
>>     dpddelay=1
>>     #aggressive=no
>>
>>     #Phase 2 configuration
>>     pfs=yes
>>     phase2=esp
>>     phase2alg=3des-sha256;modp1536
>>     salifetime=86400s
>>
>>     #Left configuration
>>     leftid=192.168.100.108
>>     left=192.168.100.108
>>     leftsubnet=192.168.101.0/24
>>
>>     #Right configuration
>>     rightid=192.168.200.165
>>     right=192.168.200.165
>>     rightsubnet=192.168.204.0/24
>>
>> And for the .secrets file:
>>
>> 192.168.100.108 : PSK "Spoke_Key"
>> 192.168.200.165 : PSK "Collector_Key"
>>
>> We have gone through a lot of permutations and combinations in the
>> secrets file.
>>
>> Some advice would be much appreciated.
>>
>> *Rene Neumann*
>>
>> _______________________________________________
>> Swan mailing list
>> [email protected]
>> https://lists.libreswan.org/mailman/listinfo/swan
>>
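Added example, not part of the thread and not libreswan's own code: a simplified Python model of the entry-matching rules described in the ipsec.secrets man page, showing that with the two single-index entries quoted above each end selects a different secret, while one entry listing both IDs resolves to the identical secret. It assumes plain IPv4/FQDN indices and that the same file is installed on both gateways; the names parse_psk_entries, select_psk, check_pair and the SHARED entry are illustrative.

```python
import re

# Constructed sample: the two PSK entries quoted in the thread.
SECRETS = '''
192.168.100.108 : PSK "Spoke_Key"
192.168.200.165 : PSK "Collector_Key"
'''
# Constructed alternative: one entry indexed by both IDs, same file on both ends.
SHARED = '192.168.100.108 192.168.200.165 : PSK "placeholder_shared_key"\n'

ENTRY = re.compile(r'^(?P<ids>[^:#]*):\s*PSK\s+"(?P<psk>[^"]*)"\s*$')


def parse_psk_entries(text):
    """Return [(indices, secret)] for each PSK line (IPv4/FQDN indices only)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("ids").split(), m.group("psk")))
    return entries


def select_psk(entries, host_id, peer_id):
    """Most specific match wins: no index < one index (host) < both IDs listed."""
    best_score, best_psk = 0, None
    for ids, psk in entries:
        if not ids:
            score = 1                      # matches any host and peer
        elif len(ids) == 1:
            score = 2 if ids[0] == host_id else 0   # peer is not considered
        else:
            score = 3 if host_id in ids and peer_id in ids else 0
        if score > best_score:
            best_score, best_psk = score, psk
    return best_psk


def check_pair(left_text, right_text, left_id, right_id):
    """Return (left secret, right secret, True if both ends find the same one)."""
    l = select_psk(parse_psk_entries(left_text), left_id, right_id)
    r = select_psk(parse_psk_entries(right_text), right_id, left_id)
    return l, r, l is not None and l == r


if __name__ == "__main__":
    print(check_pair(SECRETS, SECRETS, "192.168.100.108", "192.168.200.165"))
    print(check_pair(SHARED, SHARED, "192.168.100.108", "192.168.200.165"))
```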
