We should rewrite strongSwan authentication to reflect the structure from swanctl.conf.
The most important change is that more than one local/remote ID in the same auth entry should be allowed.
One of the use cases is the requirement to work with Cisco Flex VPN.
Current syntax:
set vpn ipsec site-to-site peer OFFICE-B authentication local-id 192.0.2.1
set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer OFFICE-B authentication pre-shared-secret 'SSSeeccRetT'
set vpn ipsec site-to-site peer OFFICE-B authentication remote-id 192.0.2.2
Proposed syntax:
set vpn ipsec site-to-site peer OFFICE-B authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer OFFICE-B authentication remote-id '192.0.2.2'
set vpn ipsec authentication psk OFFICE-B id '192.0.2.1'
set vpn ipsec authentication psk OFFICE-B id '192.0.2.2'
set vpn ipsec authentication psk OFFICE-B secret 'SSSeeccRetT'
Several PSKs:
set vpn ipsec site-to-site peer OFFICE-B authentication local-id '192.0.2.1'
set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer OFFICE-B authentication remote-id '192.0.2.2'
set vpn ipsec authentication psk OFFICE-B1 id '192.0.2.1'
set vpn ipsec authentication psk OFFICE-B1 id '192.0.2.3'
set vpn ipsec authentication psk OFFICE-B1 id '192.0.2.4'
set vpn ipsec authentication psk OFFICE-B1 secret 'SSSeeccRetT1'
set vpn ipsec authentication psk OFFICE-B2 id '192.0.2.2'
set vpn ipsec authentication psk OFFICE-B2 id '192.0.2.5'
set vpn ipsec authentication psk OFFICE-B2 id '192.0.2.6'
set vpn ipsec authentication psk OFFICE-B2 secret 'SSSeeccRetT2'
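How the proposed `authentication psk` nodes could map onto the `secrets` section of swanctl.conf (one `ike-<name>` block with `id-<n>` and `secret` keys per entry), as an added example that is not part of the original task or of the VyOS code base. The function names `parse_psk`, `validate` and `render_secrets` are hypothetical, and the validation rules are choices made for this example.

```python
import shlex

# Constructed input: the PSK lines of the "several PSKs" proposal, plus one peer line.
SAMPLE = """\
set vpn ipsec site-to-site peer OFFICE-B authentication mode 'pre-shared-secret'
set vpn ipsec authentication psk OFFICE-B1 id '192.0.2.1'
set vpn ipsec authentication psk OFFICE-B1 id '192.0.2.3'
set vpn ipsec authentication psk OFFICE-B1 id '192.0.2.4'
set vpn ipsec authentication psk OFFICE-B1 secret 'SSSeeccRetT1'
set vpn ipsec authentication psk OFFICE-B2 id '192.0.2.2'
set vpn ipsec authentication psk OFFICE-B2 id '192.0.2.5'
set vpn ipsec authentication psk OFFICE-B2 id '192.0.2.6'
set vpn ipsec authentication psk OFFICE-B2 secret 'SSSeeccRetT2'
"""
PREFIX = ["set", "vpn", "ipsec", "authentication", "psk"]

def parse_psk(commands):
    """Return {name: {"ids": [...], "secret": str|None}} for the proposed PSK nodes."""
    entries = {}
    for line in commands.splitlines():
        tok = shlex.split(line)
        if len(tok) != 8 or tok[:5] != PREFIX:
            continue  # some other node, e.g. a site-to-site peer line
        name, leaf, value = tok[5:]
        entry = entries.setdefault(name, {"ids": [], "secret": None})
        if leaf == "id":
            entry["ids"].append(value)
        elif leaf == "secret":
            entry["secret"] = value
    return entries

def validate(entries):
    """Checks chosen for this example; they are not rules stated in the proposal."""
    errors = []
    for name, e in entries.items():
        if not e["secret"]:
            errors.append(f"psk {name}: secret missing")
        if not e["ids"]:
            errors.append(f"psk {name}: not bound to any id")
        for value in e["ids"] + [e["secret"] or ""]:
            if any(c in value for c in '"\\\n'):
                errors.append(f"psk {name}: value cannot be quoted safely")
    return errors

def render_secrets(entries):
    """Emit a swanctl.conf secrets section: one ike-<name> block per PSK entry."""
    out = ["secrets {"]
    for name, e in entries.items():
        out.append(f"    ike-{name} {{")
        out += [f'        id-{n} = "{i}"' for n, i in enumerate(e["ids"], 1)]
        out += [f'        secret = "{e["secret"]}"', "    }"]
    return "\n".join(out + ["}"])
```

Rejecting values that contain a double quote, backslash or newline keeps a configured ID or secret from altering the structure of the generated file.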