[strongSwan] leftid in "non-default conn" ignored
Tobias Brunner
tobias at strongswan.org
Fri Dec 2 09:02:57 CET 2011
Hi Diego,
First, what's your strongSwan version?
If you configure this:
> conn LabMPLS-site1
> ...
> leftid=@site1.example.com
> leftcert=site1.pem
Do you by any chance see a log message like "id 'site1.example.com' is
not confirmed by certificate, defaulting to 'C=AR, ...'" when you start
charon? This would happen if the ID does not match the certificate's
subject and is not contained in one of its subjectAltNames.
If you do, it is strange that the same thing wouldn't happen if you
moved leftid to %default.
> LabMPLS-site1: local: [site1.example.com] uses public key authentication
Was that really the only thing you changed? Could you send me the two
config files that demonstrate this problem?
Regards,
Tobias
More information about the Users
mailing list