
List:       strongswan-users
Subject:    [strongSwan] using RSA signatures and PSK on one strongswan
From:       a.bertacca () vva ! de (Ariano Bertacca)
Date:       2004-05-17 15:43:20
Message-ID: 1084801273.3225.68.camel () grautvornix ! intern ! vva ! de

Hi!

I managed to use PSK along with RSASIG authentication. Works perfectly.

If you set up your "conn %default" including your VPN router's cert (like
leftcert=blah.pem) you have to reset that when using PSK auth.

Like:
conn %default
	leftcert=vpnrouter.pem
	leftid="C=...
	...

and:
conn remote-psk
	leftcert=
	leftid=123.123.123.123
	authby=secret
	...

as well as a proper ipsec.secrets file.

Maybe this is obvious to all of you - I wondered the first two or three
times when I got several messages telling me that no PSK was found
(pluto was not looking for ID=IP; instead it looked for the cert's DN as ID),
so I wanted to leave a hint for all who want to try this kind of
configuration.

Great piece of software!


Kind regards,

Ariano Bertacca


-- 
VVA Kommunikation 
: medien mit zukunft 

Ariano Bertacca | Systemmanagement | Netzwerktechnik | IT-Security 

VVA Kommunikation 
Höherweg 278 | 40231 Düsseldorf 
fon: 0211 7357-834 | fax: 0211 7357-859 

a.bertacca@vva.de

PGP KeyID: 0x081E5E62
PGP Fingerprint: EAD0 4BAD 0819 5079 96AC  3DC4 CB54 F02F 081E 5E62

----------------------------------------------------------------------- 
Any opinions expressed in this message are those of the individual 
and not necessarily the company. This message and any files transmitted 
with it are confidential and solely for the use of the intended 
recipient. If you are not the intended recipient or the person 
responsible for delivering to the intended recipient, be advised that 
you have received this message in error and that any use is strictly 
prohibited.
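
Added example (not part of the original message and not strongSwan code): a small Python check for the pitfall described in the message, where a conn with authby=secret still inherits leftcert and a DN-style leftid from conn %default. The sample configuration, the function names parse_conns and psk_identity_problems, the simplified ipsec.conf syntax and the DN heuristic are assumptions made for illustration.

```python
# Added example: lint for PSK conns that inherit certificate settings from conn %default.
# Assumed syntax: "conn NAME" headers, indented key=value lines; "also=" is not handled.

SAMPLE_CONF = '''\
# constructed sample configuration
conn %default
    leftcert=vpnrouter.pem
    leftid="C=XX, O=Example, CN=vpnrouter"
conn remote-rsa
    right=192.0.2.10
conn remote-psk-broken
    authby=secret
conn remote-psk-fixed
    leftcert=
    leftid=123.123.123.123
    authby=secret
'''


def parse_conns(text):
    """Return {conn_name: {key: value}} without applying %default."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():  # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif line and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def psk_identity_problems(text):
    """Map each authby=secret conn to inherited settings that break the PSK lookup."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    report = {}
    for name, own in conns.items():
        eff = {**defaults, **own}  # an explicitly empty value resets the default
        if eff.get("authby") != "secret":
            continue
        issues = []
        if eff.get("leftcert"):
            issues.append("leftcert inherited: " + eff["leftcert"])
        if "=" in eff.get("leftid", ""):  # heuristic: DN-style ID such as "C=..."
            issues.append("leftid is a certificate DN")
        report[name] = issues
    return report
```

An empty list for a conn means its effective settings match the working remote-psk layout from the message; any entry names the inherited value that still has to be reset.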
