<div dir="ltr"><div dir="ltr"><div dir="ltr"><div>Hi All,</div><div><br></div><div>I am facing an issue in strongswan while establishing a tunnel using public key authentication. I am using the strongswan ikev2 version as both initiator and responder.<br></div><div><br></div><div>I generated a certificate using openssl which has Subject as:</div><div><br></div><div>Subject: <b>C=ya, ST=mh, L=june, O=hare, OU=ya, CN=myserver/emailAddress=<a href="mailto:myserver@gmail.com">myserver@gmail.com</a></b></div><div><br></div><div>So while configuring this as rightid in ipsec.conf, I configured:<br></div><div> <br></div><div>rightid="C=ya,ST=mh,L=june,O=hare,OU=ya,CN=myserver,emailAddress=<a href="mailto:myserver@gmail.com">myserver@gmail.com</a>"</div><div><br></div><div>The tunnel didn't come up.</div><div><br></div><div>When I debugged in the log, I found that no peer was found.</div><div>Strongswan received peerid as:
"<b>C=ya,ST=mh,L=june,O=hare,OU=ya,CN=myserver,E=<a href="mailto:myserver@gmail.com">myserver@gmail.com</a></b>"</div><div>whereas I had configured it as "
C=ya,ST=mh,L=june,O=hare,OU=ya,CN=myserver,emailAddress=<a href="mailto:myserver@gmail.com">myserver@gmail.com</a>"</div><div><br></div><div>because when I used '<b>openssl x509 -in server.crt -text</b>', the subject string comes as:<br></div><div><br></div><div>Subject:
C=ya, ST=mh, L=june, O=hare, OU=ya, CN=myserver/emailAddress=<a href="mailto:myserver@gmail.com">myserver@gmail.com</a> <br></div><div><br></div><div>So I tried configuring right id as strongswan is expecting, and the tunnel was established.</div><div><br></div><div>So why is strongswan not using the complete '<b>emailAddress</b>' field of the Subject distinguished name, and only '<b>E</b>' instead?<br>
</div><div><br></div><div><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">Best Regards,<div><br></div><div>Yogesh Purohit</div></div></div></div></div></div></div>
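<div>Added example, not part of the original post and not strongSwan code: the three subject strings quoted above, compared by attribute OID instead of by printed label. <b>E</b> and <b>emailAddress</b> are two labels for the same attribute (OID 1.2.840.113549.1.9.1), so the strings differ while the name they print is the same. The function names and the simplified parser (no escaped separators, no multi-valued RDNs) are assumptions of this sketch.</div>

```python
import re

# Printed attribute labels mapped to their X.509 OIDs. "E" and
# "emailAddress" are two spellings of the same PKCS#9 attribute.
ATTR_OID = {
    "C": "2.5.4.6", "ST": "2.5.4.8", "L": "2.5.4.7", "O": "2.5.4.10",
    "OU": "2.5.4.11", "CN": "2.5.4.3",
    "E": "1.2.840.113549.1.9.1", "EMAILADDRESS": "1.2.840.113549.1.9.1",
}


def parse_dn(text):
    """Split a printed DN into (label, oid, value) triples.

    Accepts ',' and '/' as RDN separators, which covers the strings quoted
    in the post. Escaped separators are not handled (simplification).
    """
    rdns = []
    for part in re.split(r"\s*[,/]\s*", text.strip()):
        label, sep, value = part.partition("=")
        oid = ATTR_OID.get(label.strip().upper())
        if not sep or oid is None:
            raise ValueError(f"unsupported RDN: {part!r}")
        rdns.append((label.strip(), oid, value.strip()))
    return rdns


def compare_dn(a, b):
    """Return (same_name, label_differences) for two printed DNs.

    same_name is True when both carry the same OID/value sequence.
    label_differences lists (label_in_a, label_in_b) pairs where only the
    printed label differs.
    """
    pa, pb = parse_dn(a), parse_dn(b)
    same = [(o, v) for _, o, v in pa] == [(o, v) for _, o, v in pb]
    labels = [(x[0], y[0]) for x, y in zip(pa, pb) if same and x[0] != y[0]]
    return same, labels


# Strings as quoted in the post.
OPENSSL_TEXT = "C=ya, ST=mh, L=june, O=hare, OU=ya, CN=myserver/emailAddress=myserver@gmail.com"
CONFIGURED = "C=ya,ST=mh,L=june,O=hare,OU=ya,CN=myserver,emailAddress=myserver@gmail.com"
LOGGED = "C=ya,ST=mh,L=june,O=hare,OU=ya,CN=myserver,E=myserver@gmail.com"

if __name__ == "__main__":
    print("string equal:", CONFIGURED == LOGGED)
    print("OID compare :", compare_dn(CONFIGURED, LOGGED))
```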