[strongSwan] ikev1 without specifying rightid

Marwil, Mark-P63354 Mark.Marwil at gdc4s.com
Wed Jun 30 23:36:16 CEST 2010


I also forgot to mention the hardware on the right is a Cisco ASA 5505.
Would it be possible to authenticate to the gateway if I have the left
side has the  CA cert that signed the right's identity cert?


Thanks for the help!
Mark


-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at strongswan.org] 
Sent: Tuesday, June 29, 2010 2:51 AM
To: Marwil, Mark-P63354
Cc: users at lists.strongswan.org
Subject: Re: [strongSwan] ikev1 without specifying rightid

Hi Mark,

whereas IKEv2 allows a peer to initiate a connection with the other
endpoint's ID given by a wildcard expression (in that case the optional
IDr will not be not sent), this not possible with IKEv1.

Regards

Andreas

On 29.06.2010 01:30, Marwil, Mark-P63354 wrote:
> I am using Strongswan version 4.3.6 setup according to the example
> ikev1/nat-before-esp.  This configuration works for me if I specifiy
the
> full DN for the rightid parameter.  When I take the rightid out, the
> connection fails. 
> 
> I would like to find out if it is possible to just specify the peers
IP
> address without specifying the DN.  Is there a way to tell Pluto that
it
> should trust the peer even if it does not know the DN?
> 
> Thank you,
> 
> Mark Marwil
> 

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==





More information about the Users mailing list