Hi strongSwan team,

I am using the Shrew Soft client to connect to a strongSwan VPN gateway. My connection uses PSK with fully qualified domain names as local and remote identities. Contrary to what is noted here, "http://wiki.strongswan.org/projects/strongswan/wiki/IpsecSecrets", I am experiencing different behaviour.

Case 1) It accepts one PSK selector, whether the selector matches the host or the peer. The ipsec secret reference states it should be the host selector.

Case 2) It accepts an IP address PSK though my identities are defined as FQDNs.

Example:

    authby = secret
    left=192.168.100.1
    right=192.168.200.1
    leftid = home.net
    rightid = office.net
    ...

I was expecting that the above connection would require adding a PSK with the FQDN selectors home.net and office.net. But strongSwan accepts client calls with a PSK defined using an IP address selector. My connection accepted both PSK options below:

    192.168.100.1 : PSK mysecret

or

    192.168.200.1 : PSK mysecret

Is this expected? Can anyone please explain to me whether there is a dependency between the PSK selector and the connection's leftid/rightid? Is it a bug that it accepts a PSK with the local host selector only? Otherwise there will be no association between the connection and the PSK, and SS allows any peer to use a PSK defined with the local selector only.

Thanks!
Jordan.
