[strongSwan] ipsec pool file with certificates
Claude Tompers
claude.tompers at restena.lu
Thu Oct 28 15:37:51 CEST 2010
Hi Martin,
* 192.168.122.190="C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=Test Certificate"
This is the format in my file (ikev2.addr), I imported them into the db with:
ipsec pool --add ikev1 --addresses /path/to/ikev1.addr --timeout 48
Should I write 192.168.122.190="X'302431133011060355040a130a7374726f6e677377616e310d300b0603550403130474657374'" into the file ?
Or do I need to store the identities separately ?
regards,
Claude
On Thursday 28 October 2010 15:28:30 Martin Willi wrote:
> Hi Claude,
>
> > * 192.168.122.190="C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=Test Certificate"
>
> How did you store these identities in the database?
>
> strongSwan expects these identities in the encoded ASN1 form. We ship a
> helper script with our distribution to convert identities to valid SQL
> code:
>
> ./scripts/id2sql "O=strongswan, CN=test"
>
> > type encoding
> > 9, X'302431133011060355040a130a7374726f6e677377616e310d300b0603550403130474657374'
>
> Regards
> Martin
>
>
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101028/5523b74e/attachment.pgp>
More information about the Users
mailing list