ipsec: elaborate on PSK gotcha

source/manual/how-tos/ipsec-s2s-conn-route.rst

@@ -135,9 +135,19 @@ Id                      **hostB**           **hostA**
 
 .. Note::
 
-    Secrets for both ends need to be added to ":menuselection:`VPN->IPsec->Pre-Shared Keys`", site A needs a secret
-    set for local identifier :code:`hostB`. Optionally one may also set a second (remote) identifier in which case the secret
-    belongs to these two identifiers.
+    A pre-shared key needs to be added to ":menuselection:`VPN->IPsec->Pre-Shared Keys`". Set :code:`hostA` for
+    local identifier and :code:`hostB` for remote identifier.
+
+    While the remote identifier is optional, keep in mind that not specifying it will make this PSK elligible to
+    be used for different connections using the same local ID as well. It is generally recommended to
+    be as specific as possible.
+
+
+.. Tip::
+
+    If you have an ID specified in the Remote Authentication grid in a connection, then this connection
+    now expects the other end to identifiy itself with this ID. Make sure this reflects reality, as some
+    systems do not allow you to set a specific ID and can default to their local IP address instead.
 
 .....................
 Children