[strongSwan] ipsec pool file with certificates

Andreas Steffen andreas.steffen at strongswan.org
Fri Oct 29 10:50:29 CEST 2010 

Unfortunately there is currently no workaround.

Regards

Andreas

On 29.10.2010 09:23, Claude Tompers wrote:
> Thank you for your quick answer.
> Is there no way to escape such characters ? i.e. "ST=n\/a"
> 
> regards,
> Claude
> 
> 
> 
> On Friday 29 October 2010 09:14:43 Andreas Steffen wrote:
>> The '/' and ',' characters are reserved for separating the
>> individual Relative Distinguished Names (RDNs).
>>
>>   openssl x509 -in carolCert.pem -notext -subject
>>
>> returns
>>
>>   subject= /C=CH/O=Linux strongSwan/OU=Research/CN=carol at strongswan.org
>>
>> and which can be used with right|leftid.
>>
>> Thus "ST=n/a" will cause a syntax error.
>>
>> Regards
>>
>> Andreas
>>
>> On 29.10.2010 08:10, Claude Tompers wrote:
>>> Hello Andreas,
>>>
>>> I've tried without the double quotes and it makes no difference for me.
>>> Could it be that I have an invalid character in my DN ? i.e. "ST=n/a"
>>>
>>> The complete DN is C=LU, ST=n/a, L=Luxembourg, O=Fondation RESTENA, CN=Test Certificate
>>>
>>> kind regards,
>>> Claude
>>>
>>>
>>>
>>> On Thursday 28 October 2010 23:59:01 Andreas Steffen wrote:
>>>> Hello Claude,
>>>>
>>>> the Distinguished Names must be written in the address file without
>>>> the double quotes:
>>>>
>>>> moon ipsec.d # cat addresses.txt
>>>> 10.3.0.1
>>>> 10.3.0.2
>>>> 10.3.0.3=C=CH, O=Linux strongSwan, OU=Research, CN=carol at strongswan.org
>>>> 10.3.0.4=C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org
>>>> 10.3.0.5
>>>> 10.3.0.6=alice at strongswan.org
>>>> 10.3.0.7=venus.strongswan.org
>>>> 10.3.0.8
>>>>
>>>> ipsec pool --add bigpool --addresses addresses.txt --timeout 0
>>>>
>>>> After setting up a connection each from carol and dave to gateway moon
>>>> and taking it down again I get:
>>>>
>>>> moon ipsec.d # ipsec pool --leases
>>>> name     address         status   start                 end 
>>>>        identity
>>>> bigpool  10.3.0.3        static   Oct 28 23:52:38 2010  Oct 28 23:53:24 
>>>> 2010  C=CH, O=Linux strongSwan, OU=Research, CN=carol at strongswan.org
>>>> bigpool  10.3.0.4        static   Oct 28 23:53:10 2010  Oct 28 23:53:20 
>>>> 2010  C=CH, O=Linux strongSwan, OU=Accounting, CN=dave at strongswan.org
>>>>
>>>> Best regards
>>>>
>>>> Andreas
>>>>
>>>> On 10/28/2010 03:52 PM, Claude Tompers wrote:
>>>>> Hi,
>>>>>
>>>>> I get no error, I just don't get the IP address I reserved. I'm supposed to get 192.168.122.190 (reserved) but I get 192.168.122.129 (the first one in the pool).
>>>>>
>>>>> So I think that the id in the file, does not match the one sent by the client ?
>>>>>
>>>>> regards,
>>>>> Claude
>>>>>

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

More information about the Users mailing list