On Thu, Mar 02, 2023 at 03:44:35PM +0000, Stuart Henderson wrote:
> Could add a couple more lines to make that more clear though,
> and give some hints for people who don't know what PKI is - see below.
> 
> On 2023/03/02 05:35, Crystal Kolipe wrote:

Well done for the, (possibly unintentional), subliminal hint that _I_
don't know what a PKI is ;-).

(Of course, I do)

> -#    psk "tyBNv13zuo3rg1WVXlaI1g1tTYNzwk962mMUYIvaLh2x8vvvyA"
> +#    psk "tyBNv13zuo3rg1WVXlaI1g1tTYNzwk962mMUYIvaLh2x8vvvyA-replace-me"
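
Review bot: on the `+` line the placeholder still begins with the complete sample key from the `-` line, so a reader who uncomments it and trims only the `-replace-me` suffix ends up running with the published value. Consider making the whole quoted string an obvious placeholder rather than a key-shaped value with a suffix, and saying in an adjacent comment line that the PSK must be generated locally.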

Yes, that pretty much solves the issue I was thinking of.

However, I would like to add for the record that I still think that
it's an advantage to avoid using static PSKs even for simple
applications.  It's easier to set up in the beginning, but it makes
more admin work in the long term, because if you ever want or need
to change either one of the keys, then you need to change it on
both machines.  With certificates you can avoid that.

Setting up iked properly, (with certs), is not particularly difficult.

But anyway, OK by me this version.
