I'm trying (kind of) to create a VPN client. I set up my server on Ubuntu using OpenSwan (L2TP/IPsec PSK). What I'm doing right now is sending packets to my server and trying to exchange my keys with the server. And here is the thing I am confused about:
- After Security Association, I'm trying to do Key Exchange, but I'm not sure if in Key Exchange I should send my coded PSK, or my generated numbers using the Diffie-Hellman algorithm?
- Also, how does DH work with PSK? If I understand it right, Server and Client should have different numbers that both sides know from the start, and on that basis they generate SecretPassword, so how does it work for PSK?
- How does Identification after Key Exchange work? Is it sending my PSK encoded with SecretPassword generated earlier or something? Because as far as I know username and password are checked later on, or am I wrong?
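
How the PSK and the Diffie-Hellman values combine across the three message pairs named above, as an added example that is not part of the original post. It assumes the exchange is IKEv1 Main Mode with pre-shared-key authentication (RFC 2409) and HMAC-SHA1 as the PRF; the DH group, payload bodies and PSK values are constructed for illustration, and the encryption of message 5 is omitted.

```python
import hashlib, hmac, secrets

# Constructed toy DH group so the numbers stay small; NOT one of the real IKE MODP groups.
P, G = 2**127 - 1, 3

def prf(key, data):
    # Assumption: HMAC-SHA1 was negotiated as the PRF in the SA payload.
    return hmac.new(key, data, hashlib.sha1).digest()

def enc(n):
    return n.to_bytes(16, "big")  # fixed-width encoding of a group element

def derive_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    # The PSK is never transmitted: it keys the PRF over the two nonces.
    skeyid = prf(psk, ni + nr)
    # The DH shared secret g^xy is mixed in for the derived keys.
    skeyid_d = prf(skeyid, g_xy + cky_i + cky_r + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + g_xy + cky_i + cky_r + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + g_xy + cky_i + cky_r + b"\x02")
    return skeyid, skeyid_d, skeyid_a, skeyid_e

def hash_i(skeyid, g_xi, g_xr, cky_i, cky_r, sa_body, id_body):
    # Authenticator carried next to the Identification payload in message 5.
    return prf(skeyid, g_xi + g_xr + cky_i + cky_r + sa_body + id_body)

def run_exchange(psk_initiator, psk_responder):
    # Messages 1-2 (Security Association): cookies and the proposal (constructed bytes).
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    sa_body = b"constructed-sa-body"
    # Messages 3-4 (Key Exchange + Nonce): public DH values and nonces only.
    x_i, x_r = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    g_xi, g_xr = pow(G, x_i, P), pow(G, x_r, P)
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    shared_i, shared_r = enc(pow(g_xr, x_i, P)), enc(pow(g_xi, x_r, P))
    keys_i = derive_keys(psk_initiator, ni, nr, shared_i, cky_i, cky_r)
    keys_r = derive_keys(psk_responder, ni, nr, shared_r, cky_i, cky_r)
    # Message 5 (Identification + Hash): sent encrypted under a key from SKEYID_e;
    # the encryption step is omitted here. The responder recomputes HASH_I.
    id_body = b"constructed-id-body"
    sent = hash_i(keys_i[0], enc(g_xi), enc(g_xr), cky_i, cky_r, sa_body, id_body)
    expected = hash_i(keys_r[0], enc(g_xi), enc(g_xr), cky_i, cky_r, sa_body, id_body)
    return shared_i == shared_r, hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    print(run_exchange(b"constructed-psk", b"constructed-psk"))
    print(run_exchange(b"constructed-psk", b"wrong-psk"))
```

`run_exchange` returns two booleans: whether both sides computed the same DH secret, and whether the responder's recomputed HASH_I matches the one the initiator sent.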