[Openswan Users] how does this mean in man page of ipsec.secrets
Peter McGill
petermcgill at goco.net
Fri Nov 10 09:28:33 EST 2006
> " An additional complexity arises in the case of authentication by preshared secret: the
> responder will need to look up the secret before the Peer's ID payload has been decoded,
> so the ID used will be the IP address."
> what does this mean?
If you're using the default keying method of RSA or certificates, ignore this; it's not relevant.
If you're using pre-shared secrets/keys ("PSK"), then you must specify them with the public IP addresses
of the two switches.
Normal RSA keys may be specified by left/right IDs; PSKs cannot.
i.e.
: RSA {...} # matches any connection
@left.host.id @right.host.id : RSA {...} # matches any connection using these left and right ids.
1.2.3.4 5.6.7.8 : RSA {...} # matches any connection using these ips as the left and right ips.
1.2.3.4 5.6.7.8 : PSK "..." # use ips for psk connections, not @ids; the ids will not work, because the psk is needed to read the ids.
Peter McGill
Software Developer / Network Administrator
Gra Ham Energy Limited
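The lookup-order point in the reply above, as an added example that is not Openswan code and not part of the original post: a small Python model that parses a constructed ipsec.secrets fragment (one entry per line, key bodies replaced by placeholders) and simulates what the responder knows at the moment it needs each secret. For PSK the peer's ID payload has not been decoded yet, so only the peer's IP can be used as an index; for RSA the lookup happens after the ID payload is read, so @ids work. Entry selection follows the "most specific match wins" idea (more matching indices beat the wildcard entry); the parser, the placeholder key bodies and the sample addresses are all assumptions made for the example.

```python
"""Model of an IKE responder's ipsec.secrets lookup (added example, not Openswan code)."""
import re

# Constructed sample ipsec.secrets content; RSA bodies are placeholders, not real keys.
SAMPLE_SECRETS = """\
# wildcard RSA entry: matches any connection
: RSA { Modulus: 0xPLACEHOLDER_ANY }
# RSA entry keyed by left/right @ids
@left.host.id @right.host.id : RSA { Modulus: 0xPLACEHOLDER_BY_ID }
# RSA entry keyed by the public IPs
1.2.3.4 5.6.7.8 : RSA { Modulus: 0xPLACEHOLDER_BY_IP }
# PSK entry keyed by the public IPs (the only form the responder can find)
1.2.3.4 5.6.7.8 : PSK "constructed-secret"
# PSK entry keyed by @ids: never found, the IDs are not known yet
@left.host.id @right.host.id : PSK "unreachable-by-ip"
"""

# index list, then ':', then the kind (PSK or RSA) and the rest of the line.
# Limitation of this toy parser: indices containing ':' (IPv6) are not handled.
ENTRY_RE = re.compile(r'^\s*(?P<idx>[^:#]*?)\s*:\s*(?P<kind>PSK|RSA)\b(?P<rest>.*)$')


def parse_secrets(text):
    """Return a list of (indices, kind, body) tuples; empty indices mean 'any connection'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        indices = tuple(m.group('idx').split())
        kind = m.group('kind')
        body = m.group('rest').strip()
        if kind == 'PSK':
            body = body.strip('"')  # keep just the secret string
        entries.append((indices, kind, body))
    return entries


def responder_lookup(entries, kind, local_ids, peer_ip, peer_id=None):
    """Pick the entry of `kind` whose indices all match identifiers the responder knows.

    For PSK the peer's ID payload cannot be decoded yet, so `peer_id` is ignored and
    only `peer_ip` (plus the responder's own identifiers) can match an index.
    For RSA the ID payload has been read, so `peer_id` is also usable.
    The entry with the most matching indices wins; the wildcard entry is the fallback.
    """
    known = set(local_ids) | {peer_ip}
    if kind == 'RSA' and peer_id:
        known.add(peer_id)
    best, best_score = None, -1
    for indices, k, body in entries:
        if k != kind:
            continue
        if indices and not all(i in known for i in indices):
            continue
        if len(indices) > best_score:
            best, best_score = body, len(indices)
    return best


if __name__ == '__main__':
    entries = parse_secrets(SAMPLE_SECRETS)
    local = ('5.6.7.8', '@right.host.id')
    # PSK from the expected public IP: found.
    print(responder_lookup(entries, 'PSK', local, '1.2.3.4'))
    # PSK from another address, even with the right @id: not found, the @id is unusable.
    print(responder_lookup(entries, 'PSK', local, '9.9.9.9', peer_id='@left.host.id'))
    # RSA from another address with the right @id: the @id entry is found.
    print(responder_lookup(entries, 'RSA', local, '9.9.9.9', peer_id='@left.host.id'))
```

Running the block shows the secret being found for a PSK peer at 1.2.3.4, nothing at all for a PSK peer that only presents an @id from an unexpected address, and the @id-keyed RSA entry for the same peer once the ID payload is available.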