<div dir="ltr">Hi all,<div><br></div><div>Fairly new user here - question about StrongSwan configuration and Certificate authentication.</div><div><br></div><div>Is there any way to tell StrongSwan 5.x (when a headend) to ignore the ID sent by the client, and always use the Certificate DN as the remote ID? I've gone through the docs and mailing list, and cant seem to find anything for the current version.</div>
<div><br></div><div>If not, is there a fundamental security problem with doing this that I'm overlooking? My first thought is that this would actually be *more* secure. It seems like a client could be written to spoof the ID, but spoofing a specific Enterprise CA-signed certificate DN would be much harder.</div>
<div><br></div><div>Thanks,</div><div><div><div>Aaron</div>
</div>
</div></div>