Hi Nikos, > How could I take advantage of the "given ideal keys" ? > Is it possible to use the DH derived keys as an index to the pool of > those "ideal keys"?
The IKEv2 protocol uses the DH exchange as a base to derive the cryptographic keys. With PSK authentication, the PSKs are not part of the key derivation, but only used for peer authentication. So at least an IKEv2 compatible implementation can't use the PSK keys directly to derive key material from. You could set up your SAs manually using these keys, or feed in your "ideal" key material to the DH exchange. Depends on what you actually want to achieve. > charon: 08[DMN] thread 10 received 11 > charon: 08[DMN] killing ourself, received critical signal If you can verify this crash with our latest release, a GDB backtrace would be helpful to analyze the issue (use ipsec start --attach-gdb). Regards Martin _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users