ipsec: elaborate on PSK gotcha (#886)

2026-06-09 00:22:06 -04:00 · 2026-05-28 11:12:53 +02:00 · 2026-05-28 11:12:53 +02:00 · c106f77cdd
commit c106f77cdd
parent a253470b2a
1 changed files with 13 additions and 3 deletions
--- a/source/manual/how-tos/ipsec-s2s-conn-route.rst
+++ b/source/manual/how-tos/ipsec-s2s-conn-route.rst
@ -135,9 +135,19 @@ Id                      **hostB**           **hostA**

 .. Note::

-    Secrets for both ends need to be added to ":menuselection:`VPN->IPsec->Pre-Shared Keys`", site A needs a secret
-    set for local identifier :code:`hostB`. Optionally one may also set a second (remote) identifier in which case the secret
-    belongs to these two identifiers.
+    A pre-shared key needs to be added to ":menuselection:`VPN->IPsec->Pre-Shared Keys`". Set :code:`hostA` for
+    local identifier and :code:`hostB` for remote identifier.
+
+    While the remote identifier is optional, keep in mind that not specifying it will make this PSK elligible to
+    be used for different connections using the same local ID as well. It is generally recommended to
+    be as specific as possible.
+
+
+.. Tip::
+
+    If you have an ID specified in the Remote Authentication grid in a connection, then this connection
+    now expects the other end to identifiy itself with this ID. Make sure this reflects reality, as some
+    systems do not allow you to set a specific ID and can default to their local IP address instead.

 .....................
 Children