[strongSwan] Any check on IDi ?
Martin Willi
martin at strongswan.org
Tue Apr 6 08:54:29 CEST 2010
Hi,
>
> Does strongSwan make any checks on received identification payload IDr
> from the IKE_AUTH exchange for a remote system that is authenticated
> with certificates?
The received identity is used to:
- Look up a configuration: If it does not find a connection matching the
given identity (full match, wildcard match, %any match), tunnel setup
fails.
- Look up a certificate: The identity must be contained in the
certificate either as certificate subject or as a subjectAltName.
Regards
Martin
More information about the Users
mailing list