[Swan] PSK with asymmetric keys

Rene Neumann rene.neumann at zpesystems.com
Tue Mar 31 11:16:48 UTC 2020


Hello,


We’re trying to configure Libreswan 3.27 with asymmetric PSK auth support for IKEv2 tunnels and it would appear that Libreswan is always using authby (symmetric) PSK.



This is what we have in the conf file:

conn XXX

        #GLOBAL Configuration
        #connaddrfamily=ipv4
        auto=add
        type=tunnel
        mtu=1460

        #IKE Configuration
        leftauth=secret
        rightauth=secret
        initial_contact=yes
        keyingtries=%forever
        keyexchange=ike
        nat_keepalive=yes
        ike=aes256-sha256;modp1536
        ikev2=insist
        ikelifetime=60m
        remote_peer_type=cisco
        fragmentation=yes
        dpdaction=hold
        dpdtimeout=5m
        dpddelay=1
        #aggressive=no

        #Phase 2 configuration
        pfs=yes
        phase2=esp
        phase2alg=3des-sha256;modp1536
        salifetime=86400s

        #Left configuration
        leftid=192.168.100.108
        left=192.168.100.108
        leftsubnet=192.168.101.0/24

        #Right configuration
        rightid=192.168.200.165
        right=192.168.200.165
        rightsubnet=192.168.204.0/24



And for the .secrets file:

192.168.100.108 : PSK "Spoke_Key"
192.168.200.165 : PSK "Collector_Key"



We have gone through a lot of permutations and combinations in the secrets file.



Some advice would be much appreciated.



Rene Neumann
