Tags: encryption, hash, vpn, pfsense

What kind of hash/encoding does pfSense use for its IPsec keys?


Trying to learn more about strongSwan and IPsec tunnels, I had set up a basic (and local) site-to-site IPsec tunnel between 2 machines running pfSense.

While studying the ipsec.secrets file (/var/etc/ipsec/ipsec.secrets), I have noticed that the basic (and not secure!) pre-shared key (PSK) 'vpn' has been converted to '0sdnBu'. Does anyone know what hash this could be? Feels like it could be relevant if I would like to create a tunnel between pfSense and another kind of system running strongSwan.


Solution

  • That's just a Base64 encoding of the PSK. The 0s prefix indicates this to strongSwan, and the rest of the value is parsed as a binary value accordingly:

    $ echo -n 'vpn' | base64
    dnBu
    $ echo -n 'dnBu' | base64 -d
    vpn
    

    Similarly, the 0x prefix would allow passing shared secrets in hex-encoding (e.g. vpn would then be 0x76706e).

    pfSense probably encodes the shared secret in Base64 to avoid issues with special characters (or character sets) when users configure this via the Web UI.
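To make the encoding rules from the answer concrete for the interop case the question raises (pfSense on one side, a plain strongSwan box on the other), here is a small added example, not code from the post or from pfSense or strongSwan. It produces the 0s (Base64) and 0x (hex) forms of a raw secret and decodes a secret token from ipsec.secrets back to bytes so two differently written lines can be compared byte for byte. The peer addresses are documentation addresses and the line format is an assumption about a minimal PSK entry; the handling of double-quoted tokens is simplified (no escape sequences).

```python
import base64

def encode_psk_base64(psk: bytes) -> str:
    """Write a raw PSK the way pfSense does: Base64 with the 0s prefix."""
    return "0s" + base64.b64encode(psk).decode("ascii")

def encode_psk_hex(psk: bytes) -> str:
    """Write a raw PSK as strongSwan's hex form with the 0x prefix."""
    return "0x" + psk.hex()

def decode_secret(token: str) -> bytes:
    """Decode one shared-secret token from ipsec.secrets to raw bytes.

    0s...  -> Base64 (strict: bad characters or padding raise binascii.Error)
    0x...  -> hex
    "..."  -> double-quoted literal (simplified: no escape handling, an assumption here)
    other  -> bare literal
    """
    if token.startswith("0s"):
        return base64.b64decode(token[2:], validate=True)
    if token.startswith("0x"):
        return bytes.fromhex(token[2:])
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        return token[1:-1].encode("utf-8")
    return token.encode("utf-8")

def secrets_match(token_a: str, token_b: str) -> bool:
    """True if two differently encoded tokens denote the same secret bytes."""
    return decode_secret(token_a) == decode_secret(token_b)

def build_psk_line(local_id: str, remote_id: str, psk: bytes) -> str:
    """Assumed minimal PSK entry: '<left> <right> : PSK <secret>' with Base64."""
    return f"{local_id} {remote_id} : PSK {encode_psk_base64(psk)}"

if __name__ == "__main__":
    # Constructed sample: the weak PSK from the question on documentation addresses.
    psk = b"vpn"
    print(build_psk_line("192.0.2.1", "198.51.100.1", psk))   # ... : PSK 0sdnBu
    print(encode_psk_hex(psk))                                  # 0x76706e
    # A secret with a space and a quote is where the 0s form avoids parsing trouble.
    tricky = b'pa ss"word'
    print(encode_psk_base64(tricky))
    print(secrets_match("0sdnBu", '"vpn"'), secrets_match("0sdnBu", "0x76706e"))
```

When diffing a pfSense-generated ipsec.secrets against a hand-written one on the other peer, compare the decoded bytes rather than the literal tokens; `0sdnBu`, `0x76706e` and `"vpn"` are three spellings of the same key.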