You can have server (responder) authenticate itself using certificate and
client (initiator) authenticate using PSK

something like this,

client
  leftauth=secret
  rightauth=pubkey

server
  leftauth=pubkey
  rightauth=secret


Yes you put both the entries in ipsec.secrets

: RSA  <your_private_key>
: PSK <your secret>


Thanks




On Wed, Feb 7, 2018 at 6:33 AM, Newton, Benjamin David <bdne...@sandia.gov>
wrote:

> Can anyone tell me if strongswan is able to support Authentication using
> both a pre-shared secret and a digital certificate simultaneously?
>
>
> If so, can you give me any pointers on how to configure such a connecton?
> Do you keep authby=secret line?  Do you put both entries in the
> ipsec.secrets file?
>
>
> Thanks,
>
>   Ben Newton
>

Reply via email to