[strongSwan] ipsec pool file with certificates
andreas.steffen at strongswan.org
Thu Oct 28 23:59:01 CEST 2010
the Distinguished Names must be written in the address file without
the double quotes:
moon ipsec.d # cat addresses.txt
10.3.0.3=C=CH, O=Linux strongSwan, OU=Research, CN=carol at strongswan.org
10.3.0.4=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org
10.3.0.6=alice at strongswan.org
ipsec pool --add bigpool --addresses addresses.txt --timeout 0
After setting up a connection each from carol and dave to gateway moon
and taking it down again I get:
moon ipsec.d # ipsec pool --leases
name address status start end
bigpool 10.3.0.3 static Oct 28 23:52:38 2010 Oct 28 23:53:24
2010 C=CH, O=Linux strongSwan, OU=Research, CN=carol at strongswan.org
bigpool 10.3.0.4 static Oct 28 23:53:10 2010 Oct 28 23:53:20
2010 C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org
On 10/28/2010 03:52 PM, Claude Tompers wrote:
> I get no error, I just don't get the IP address I reserved. I'm supposed to get 192.168.122.190 (reserved) but I get 192.168.122.129 (the first one in the pool).
> So I think that the id in the file, does not match the one sent by the client ?
> On Thursday 28 October 2010 15:48:48 Martin Willi wrote:
>>> ipsec pool --add ikev1 --addresses /path/to/ikev1.addr --timeout 48
>> I see.
>>> Should I write 192.168.122.190="X'302431133011060355040a130a7374726f6e677377616e310d300b0603550403130474657374'" into the file ?
>> No, the address file parser does this conversion for you, no need for
>> manual conversion.
>>> It does not work for users that authenticate with a certificate
>> What does not work? Do you get an error?
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users