You can have server (responder) authenticate itself using certificate and client (initiator) authenticate using PSK
something like this, client leftauth=secret rightauth=pubkey server leftauth=pubkey rightauth=secret Yes you put both the entries in ipsec.secrets : RSA <your_private_key> : PSK <your secret> Thanks On Wed, Feb 7, 2018 at 6:33 AM, Newton, Benjamin David <[email protected]> wrote: > Can anyone tell me if strongswan is able to support Authentication using > both a pre-shared secret and a digital certificate simultaneously? > > > If so, can you give me any pointers on how to configure such a connecton? > Do you keep authby=secret line? Do you put both entries in the > ipsec.secrets file? > > > Thanks, > > Ben Newton >
