<html><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:13px"><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">Hi All,</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class=""><br class=""></div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">Below is my default.ipsec.conf settings:</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class=""><br></div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">conn win7</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    keyexchange=ikev2</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    eap_identity=%any</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    leftauth=pubkey</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    rightauth=eap-tls</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    right=%any</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    left=%defaultroute</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    leftcert=vpn02.pem</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    leftsendcert=yes</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    rightsendcert=never</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    rightsourceip=10.100.128.0/17</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class="">    leftsubnet=172.16.177.42/32</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" dir="ltr" class="">    auto=add</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class=""><br class=""></div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" class=""><br class=""></div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" dir="ltr" class="">With this configuration, EAP identity received is the CN from client (user) certificate. We need to get the eap_identity in the form for full subject of the client certificate i.e. "/C=IN/ST=KA/L=*/O=*/OU=12345/CN=*/emailAddress=*". Any ideas how to achieve this? We need to get the full subject so that we can different connection profiles based on the different OU?</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" dir="ltr" class=""><br class=""></div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" dir="ltr" class="">Thanks,</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" dir="ltr" class="">-Ajay</div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" dir="ltr" class=""><br></div><div id="yiv4350722421yui_3_16_0_1_1440675854796_10813" dir="ltr" class=""><br></div></div></body></html>