[strongSwan] Any check on IDi ?

Martin Willi martin at strongswan.org
Tue Apr 6 08:54:29 CEST 2010


Hi,
> 
> Does strongSwan make any checks on received identification payload IDr
> from the IKE_AUTH exchange for a remote system that is authenticated
> with certificates?

The received identity is used to:

- Look up a configuration: If it does not find a connection matching the
  given identity (full match, wildcard match, %any match), tunnel setup
  fails.
- Look up a certificate: The identity must be contained in the
  certificate either as certificate subject or as a subjectAltName.

Regards
Martin






More information about the Users mailing list