[strongSwan] strongswan client configuration

Andreas Steffen andreas.steffen at strongswan.org
Mon Jun 13 13:16:55 CEST 2011

On 06/13/2011 01:07 PM, Alexandre Chapellon wrote:
> Thanks Andreas,
> It now works as expected.
> I added the peer (VPN gateway... let's say Moon) certificate generated
> with my self-signed CA.
> I have another question (well a lot in fact):
> When using gnome-nm here is what I need to configure the ipsec tunnel on
> the client (carol) side:
>    - CA Certificate
>    - Carol's Certificate
>    - Carol's Private key
>    - Ask for virtual IP.
As an alternative you could also import Moon's certificate via the
strongSwan NM applet. If you are using the CA method make sure
that the hostname of the moon gateway is contained as a subjectAltName
in moon's certificate.

> When using CLI:
>    - Moon's certificate
>    - Carol's Certificate
>    - Carol's private key
>    - Ask for virtual IP
> How come it is different?
If moon's certificate is signed by a CA then you don't have to
import moon's cert via rightcert=. Just copy the CA certificate
into /etc/ipsec.d/cacerts and trust will be established into



Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
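
The two CLI setups discussed in this message, side by side, as an added example that is not part of the original mail. The hostname moon.example.org, the subnet, the connection names and the file names carolCert.pem, carolKey.pem, moonCert.pem and caCert.pem are assumptions.

```conf
# /etc/ipsec.conf on carol (added example; all names and addresses are placeholders)

config setup

conn %default
	keyexchange=ikev2
	left=%defaultroute
	leftcert=carolCert.pem       # file in /etc/ipsec.d/certs/
	leftsourceip=%config         # ask the gateway for a virtual IP
	right=moon.example.org       # assumed gateway hostname
	rightsubnet=10.1.0.0/16      # assumed network behind the gateway
	auto=add

# Variant 1: moon's certificate is imported on the client.
# Needs /etc/ipsec.d/certs/moonCert.pem on carol.
# Without rightid=, the expected identity is the subject DN of that certificate.
conn moon-cert
	rightcert=moonCert.pem

# Variant 2: trust comes from the CA, no copy of moon's certificate on carol.
# Needs /etc/ipsec.d/cacerts/caCert.pem on carol.
# rightid must be the subject DN or a subjectAltName of the certificate
# moon presents, so a hostname identity only works if that hostname is
# listed as a subjectAltName in moon's certificate.
conn moon-ca
	rightid=@moon.example.org

# Carol's private key is referenced from /etc/ipsec.secrets in both variants:
#   : RSA carolKey.pem          (file in /etc/ipsec.d/private/)
#
# To see which subjectAltName entries moon's certificate carries:
#   openssl x509 -in moonCert.pem -noout -text
```

Only one of the two connections is needed on a given client; both are shown to make the difference in required files visible.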
