--- oakley.c 2011-03-17 14:42:58.000000000 +0000 +++ oakley.c 2015-09-25 00:37:38.000000000 +0100 @@ -2386,6 +2386,7 @@ char *p; int len; int error = -1; + struct ipsecdoi_id_b *id_b; /* SKEYID */ switch (iph1->approval->authmethod) { @@ -2395,7 +2396,19 @@ case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R: #endif if (iph1->etype != ISAKMP_ETYPE_IDENT) { - iph1->authstr = getpskbyname(iph1->id_p); + id_b = (struct ipsecdoi_id_b *)iph1->id_p->v; + + if (id_b->type != IPSECDOI_ID_IPV4_ADDR + && id_b->type != IPSECDOI_ID_IPV6_ADDR) { + iph1->authstr = getpskbyname(iph1->id_p); + } else { + struct sockaddr addr; + u_int8_t prefix; + u_int16_t ul_proto; + if (!ipsecdoi_id2sockaddr(iph1->id_p, &addr, &prefix, &ul_proto)) { + iph1->authstr = getpskbyaddr(&addr); + } + } if (iph1->authstr == NULL) { if (iph1->rmconf->verify_identifier) { plog(LLV_ERROR, LOCATION, iph1->remote,