<div>Hi everybody,</div><div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace">I'm starting in VPN World, and I want (and need) implement a VPN site-site. </font></div>
<div><font face="'courier new', monospace">My enviromnt (test) is (like net2net cert):</font></div><div><span style="font-family:'courier new',monospace"> </span></div><div><font face="'courier new', monospace"> ------- --------</font><span style="font-family:'courier new',monospace"> -------- ------- </span></div>
<div><font face="'courier new', monospace">| wksA | ----| gwA | --------- | gwB | ---- | wksB | </font></div><div><font face="'courier new', monospace"> ------- -------- -------- -------</font></div>
<div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace">wksA 192.168.9.2</font></div><div><span style="font-family:'courier new',monospace">gwA int - 192.168.9.1</span></div>
<div><span style="font-family:'courier new',monospace">gwA ext - 192.168.10.197</span></div><div><font face="'courier new', monospace"><br></font></div><div><div><font face="'courier new', monospace">wksB 192.168.8.2</font></div>
<div><span style="font-family:'courier new',monospace">gwB int - 192.168.8.1</span></div><div><span style="font-family:'courier new',monospace">gwB ext - 192.168.10.198</span></div></div><div><font face="'courier new', monospace"><br>
</font></div><div><font face="'courier new', monospace">The goal is wksA establish connectivity with wksB.</font></div><div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace"><br>
</font></div><div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace">In gwA and gwB I had installed and signed x509 certs. Was created 3 files:</font></div><div>
<font face="'courier new', monospace">cert.pem</font></div><div><font face="'courier new', monospace">req.pem</font></div><div><font face="'courier new', monospace">key.pem</font></div><div><font face="'courier new', monospace"><br>
</font></div><div><font face="'courier new', monospace">then, I copied theses files to /etc/ipsec.d/certs</font></div><div><font face="'courier new', monospace">Doubts:</font></div><div><font face="'courier new', monospace">1 - Do I need copy keys between gwA and gwB ?</font></div>
<div><font face="'courier new', monospace">2 - Based on examples from <a href="http://strongswan.org/Test">strongswan.org/Test</a> scenarios, (net2net cert) the /etc/ipsec.conf session conn net-net is:</font></div>
<div><font face="'courier new', monospace"><div> leftcert=cert.pem </div><div> leftid=@<a href="http://moon.strongswan.org">moon.strongswan.org</a> // from site example</div></font></div><div><font face="'courier new', monospace"><br>
</font></div><div><font face="'courier new', monospace"> but, what really is leftid ? seaching of web I saw the Subject certificate (OU, CN, ..) in this field. what I have to use ?</font></div><div><font face="'courier new', monospace"><br>
</font></div><div><font face="'courier new', monospace"><br></font></div><div><font face="'courier new', monospace">Thanks.</font></div><div><font face="'courier new', monospace"><br></font></div><div>
<font face="'courier new', monospace"><br></font></div><font face="'courier new', monospace">-- <br>Jefferson Leandro</font><div><font face="'courier new', monospace">Curitiba - BR</font></div><div>
<font face="'courier new', monospace"><br></font><div><div><div><font face="'courier new', monospace"><br></font></div></div></div><br>
</div>