[Openswan Users] how does this mean in man page of ipsec.secrets

Peter McGill petermcgill at goco.net
Fri Nov 10 09:28:33 EST 2006

>        " An  additional  complexity  arises  in the case of authentication by preshared secret: the
>        responder will need to look up the secret before the Peer's ID payload has  been  decoded,
>        so the ID used will be the IP address."
> how does this mean?

If your using the default keying method if RSA or Certificates ignore this, it's not relevant.
If your using pre-shared secret/keys "PSK", then you must specify them with the public ip addresses
of the two switches.

Normal RSA keys may be specified by left/right ids, PSK's cannot.

: RSA {...} # matches any connection
@left.host.id @right.host.id : RSA {...} # matches any connection using these left and right ids. : RSA {...} # matches any connection using these ips in the right and left ips. : PSK "..." # use ips for psk connections not @ids, the ids will not work, because the psk is needed to read the 

Peter McGill
Software Developer / Network Administrator
Gra Ham Energy Limited 

More information about the Users mailing list