Hi Vukasin,

Thank you for the information. We went through the ipsec.conf man file up and 
down and found a few hints that it might have been possible. We must have 
overlooked the entry in the ipsec.secrets man page.

Stay safe and have a great weekend.

Rene Neumann

________________________________
From: Vukasin Karadzic <[email protected]>
Sent: Thursday 2 April 2020 21:54
To: Rene Neumann <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [Swan] PSK with asymmetric keys

A correction: ipsec.secrets is the name of the man page, not ipsec.secret.

On Thu, 2 Apr 2020 at 22:50, Vukasin Karadzic <[email protected]> wrote:
Dear Rene,

libreswan does not currently support asymmetric PSK authentication. The 
ipsec.secret manual page documents that:
"Authentication by preshared secret requires that both systems find the 
identical secret".

Regards,
Vukasin

On Tue, 31 Mar 2020 at 13:17, Rene Neumann <[email protected]> wrote:
Hello,

We’re trying to configure Libreswan 3.27 with asymmetric PSK auth support for 
IKEv2 tunnels and it would appear that Libreswan is always using authby 
(symmetric) PSK.

This is what we have in the conf file:

conn XXX
        #GLOBAL Configuration
        #connaddrfamily=ipv4
        auto=add
        type=tunnel
        mtu=1460

        #IKE Configuration
        leftauth=secret
        rightauth=secret
        initial_contact=yes
        keyingtries=%forever
        keyexchange=ike
        nat_keepalive=yes
        ike=aes256-sha256;modp1536
        ikev2=insist
        ikelifetime=60m
        remote_peer_type=cisco
        fragmentation=yes
        dpdaction=hold
        dpdtimeout=5m
        dpddelay=1
        #aggressive=no

        #Phase 2 configuration
        pfs=yes
        phase2=esp
        phase2alg=3des-sha256;modp1536
        salifetime=86400s

        #Left configuration
        leftid=192.168.100.108
        left=192.168.100.108
        leftsubnet=192.168.101.0/24

        #Right configuration
        rightid=192.168.200.165
        right=192.168.200.165
        rightsubnet=192.168.204.0/24

And for the .secrets file:

192.168.100.108 : PSK "Spoke_Key"
192.168.200.165 : PSK "Collector_Key"

We have gone through a lot of permutations and combinations in the secrets file.

Some advice would be much appreciated.

Rene Neumann

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
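
Added example (not part of the original messages and not libreswan code): a simplified Python model of the entry-selection rules described in ipsec.secrets(5), showing why the per-side entries quoted above leave the two ends with different secrets. Assumptions: the same secrets file is installed on both hosts, IDs are compared as exact strings (no %any, wildcards or include lines), and the function names and the "One_Key" value are made up for illustration.

```python
import re

# Secrets file as quoted in the thread; assumed to be installed on both hosts.
PER_SIDE = '''
192.168.100.108 : PSK "Spoke_Key"
192.168.200.165 : PSK "Collector_Key"
'''
# Constructed alternative: one entry indexed by both IDs ("One_Key" is made up).
SHARED = '192.168.100.108 192.168.200.165 : PSK "One_Key"\n'

# Index list, then a ':' set off by whitespace, then PSK "secret".
ENTRY = re.compile(r'^(.*?)\s*(?<!\S):\s+PSK\s+"([^"]*)"\s*$')

def parse_secrets(text):
    """Return [(index_list, psk)] for each PSK line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue                      # comment line
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1).split(), m.group(2)))
    return entries

def select_psk(entries, local_id, peer_id):
    """Most specific match wins: multiple indices > one index > no index."""
    best_rank, best_psk = -1, None
    for ids, psk in entries:
        if not ids:
            rank = 0                                  # matches any host and peer
        elif len(ids) == 1:
            rank = 1 if ids[0] == local_id else -1    # peer is not considered
        else:
            rank = 2 if local_id in ids and peer_id in ids else -1
        if rank > best_rank:
            best_rank, best_psk = rank, psk
    return best_psk

def both_ends_agree(entries, left_id, right_id):
    """True only if each end, looking up from its own side, finds the same secret."""
    left = select_psk(entries, left_id, right_id)
    right = select_psk(entries, right_id, left_id)
    return left is not None and left == right

if __name__ == "__main__":
    for name, text in (("per-side", PER_SIDE), ("shared", SHARED)):
        ok = both_ends_agree(parse_secrets(text), "192.168.100.108", "192.168.200.165")
        print(f"{name}: {'identical secret' if ok else 'secrets differ, PSK auth fails'}")
```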