[strongSwan] left/right id question

Andreas Steffen andreas.steffen at strongswan.org
Wed Feb 23 16:51:54 CET 2011

The ID does not have to match any actual hostname, external dns name
or IP address. If you are using certificate base authentication
then hostnames or IP addresses must be contained as subjectAltNames
in the certificate.



On 02/23/2011 04:40 PM, Gary Smith wrote:
> Does the ID need to be the actual hostname, external dns name, or
> just the name matching the cert. We use .local internally (based on
> an SBS install) so by default we generate hostnames/dns entries based
> on .local. We do have a public external name for the vpn endpoints. I
> just don't know if it matters or now to strongSwan.
> Thanks,
> Gary Smith

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list