[Swan] PSK with asymmetric keys
Rene Neumann
rene.neumann at zpesystems.com
Tue Mar 31 11:16:48 UTC 2020
Hello,
We’re trying to configure Libreswan 3.27 with asymmetric PSK auth support for IKEv2 tunnels and it would appear that Libreswan is always using authby (symmetric) PSK.
This is what we have in the conf file:
conn XXX
    #GLOBAL Configuration
    #connaddrfamily=ipv4
    auto=add
    type=tunnel
    mtu=1460
    #IKE Configuration
    leftauth=secret
    rightauth=secret
    initial_contact=yes
    keyingtries=%forever
    keyexchange=ike
    nat_keepalive=yes
    ike=aes256-sha256;modp1536
    ikev2=insist
    ikelifetime=60m
    remote_peer_type=cisco
    fragmentation=yes
    dpdaction=hold
    dpdtimeout=5m
    dpddelay=1
    #aggressive=no
    #Phase 2 configuration
    pfs=yes
    phase2=esp
    phase2alg=3des-sha256;modp1536
    salifetime=86400s
    #Left configuration
    leftid=192.168.100.108
    left=192.168.100.108
    leftsubnet=192.168.101.0/24
    #Right configuration
    rightid=192.168.200.165
    right=192.168.200.165
    rightsubnet=192.168.204.0/24
And for the .secrets file:
192.168.100.108 : PSK "Spoke_Key"
192.168.200.165 : PSK "Collector_Key"
We have gone through a lot of permutations and combinations in the secrets file.
Some advice would be much appreciated.
Rene Neumann