[Openswan Users] Why does ipsec.secrets work the way it does?
Nick Howitt
n1ck.h0w1tt at gmail.com
Wed May 25 09:31:46 EDT 2011
Hi,

Out of curiosity, when using a PSK, why is the format of the
ipsec.secrets line:

    My_Identifier Remote_Identifier : PSK "secret"

where the identifier is an IP address, FQDN or @string? What I am
wondering is why you need to match on a local identifier (apart from
that is what the specification is)? Conceptually, what is the benefit of
requiring a match with the local identifier rather than just using:

    Remote_Identifier : PSK "secret"

Substituting %any for the local identifier is not the same because as
soon as you have %any the remote identifier becomes irrelevant. I
believe (but could be wrong) that if you just don't use a local
identifier then %any is assumed.

Regards,
Nick