[strongSwan] leftid in "non-default conn" ignored

Tobias Brunner tobias at strongswan.org
Fri Dec 2 09:02:57 CET 2011

Hi Diego,

First, what's your strongSwan version?

If you configure this:

> conn LabMPLS-site1
>         ...
>         leftid=@site1.example.com
>         leftcert=site1.pem

Do you by any chance see a log message like "id 'site1.example.com' is
not confirmed by certificate, defaulting to 'C=AR, ...'" when you start
charon?  This would happen if the ID does not match the certificate's
subject and is not contained in one of its subjectAltNames.
If you do, it is strange that the same thing wouldn't happen if you
moved leftid to %default.

> LabMPLS-site1:   local:  [site1.example.com] uses public key authentication

Was that really the only thing you changed?  Could you send me the two
config files that demonstrate this problem?
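
The condition described in the message above (an ID that is not contained in the certificate's subjectAltNames) can be checked with openssl before starting charon. This is an added example, not part of the original message and not strongSwan code: the function names and the throwaway certificate are constructed for illustration, and it covers only FQDN identities (`leftid=@name`) against DNS subjectAltNames, not the subject DN comparison.

```bash
#!/usr/bin/env bash
# Added example: is an FQDN identity (leftid=@name) present as a DNS
# subjectAltName in a certificate? Helper names are hypothetical.

# Print the certificate's subjectAltName entries, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^[[:space:]]*//'
}

# Succeed if FQDN "$2" (leftid without the leading @) is a DNS SAN of cert "$1".
fqdn_confirmed() {
    cert_sans "$1" | grep -Fxqi "DNS:$2"
}

# Create a throwaway self-signed certificate in dir "$1" with SAN "$2" (constructed test data).
make_sample_cert() {
    cat > "$1/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
C = AR
O = Example
CN = site1
[ext]
subjectAltName = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo: one ID that the certificate confirms and one that it does not.
tmp=$(mktemp -d)
make_sample_cert "$tmp" "DNS:site1.example.com"
for id in site1.example.com site2.example.com; do
    if fqdn_confirmed "$tmp/cert.pem" "$id"; then
        echo "leftid=@$id: found in subjectAltName"
    else
        echo "leftid=@$id: not in subjectAltName, expect the 'not confirmed by certificate' log line"
    fi
done
rm -rf "$tmp"
```

To check a real setup, run `cert_sans` on the file named by `leftcert` and compare the output with the `leftid` value.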


