<div dir="ltr"><div class="gmail_quote"><br><br><div dir="ltr"><br>Hi<div>Thanks a lot for your quick reply.</div><div>Excuse me for my dummy question.I am some confused.</div><div>May you give me more explanation about "subject distinguished name", "subjectAltName", "subject DN" field on X509 certification?</div>
<div>According to your told, I should define lefid at least, is that true ?</div><div><br></div><div>Thanks in advance for any help or guidance </div><div><div></div><div class="h5"><div><br><div><div class="gmail_quote">
On Sun, Sep 25, 2011 at 2:16 PM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
left|rightid *must* be either the subject distinguished name or<br>
a subjectAltName extension contained in the certificate. If you<br>
don't define leftid or if leftid is not defined in the certificate<br>
then automatically the subject DN is assumed as a default.<br>
<br>
As a responder you can define rightid=%any, in that case any<br>
peer with a trusted and non-revoked certificate will be accepted.<br>
<br>
Regards<br>
<br>
Andreas<br>
<div><br>
On 09/25/2011 10:40 AM, nima chavooshi wrote:<br>
> Hi<br>
> I have setup strongswan and I could establish secure connection with 2<br>
> nodes without any problem.<br>
> My connection config is :<br>
><br>
> conn net-net<br>
> left=30.0.2.2<br>
> leftcert=peer1.crt<br>
</div>> leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <<a href="http://0.0.0.0/0" target="_blank">http://0.0.0.0/0</a>><br>
> rightsubnet=<a href="http://30.0.2.0/24" target="_blank">30.0.2.0/24</a> <<a href="http://30.0.2.0/24" target="_blank">http://30.0.2.0/24</a>><br>
<div>> right=30.0.2.1<br>
> leftid="C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"<br>
> rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"<br>
> keyexchange=ikev2<br>
> type=tunnel<br>
> auth=ah<br>
> auto=add<br>
><br>
> My concern about leftID and rightID options. I could not establish<br>
> connection without them.related values I derive from certificates. May<br>
> give me more information about possible values that I can set for these<br>
> parameters?<br>
> If I do not want use leftid or rightid, what option do I set instead of<br>
> them?<br>
><br>
> Thank in advance<br>
<br>
</div>======================================================================<br>
<font color="#888888">Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a><br>
strongSwan - the Linux VPN Solution! <a href="http://www.strongswan.org" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
===========================================================[ITA-HSR]==<br>
</font></blockquote></div><br></div></div></div></div></div>
</div><br></div>