[strongSwan] leftID and rightID

Andreas Steffen andreas.steffen at strongswan.org
Sun Sep 25 12:46:02 CEST 2011


left|rightid *must* be either the subject distinguished name or
a subjectAltName extension contained in the certificate. If you
don't define leftid or if leftid is not defined in the certificate
then automatically the subject DN is assumed as a default.

As a responder you can define rightid=%any; in that case any
peer with a trusted and non-revoked certificate will be accepted.



On 09/25/2011 10:40 AM, nima chavooshi wrote:
> Hi
> I have set up strongSwan and I could establish a secure connection with 2
> nodes without any problem.
> My connection config is:
> conn net-net
>       left=
>       leftcert=peer1.crt
>       leftsubnet= <>
>       rightsubnet= <>
>       right=
>       leftid="C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"
>       rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
>       keyexchange=ikev2
>       type=tunnel
>       auth=ah
>       auto=add
> My concern is about the leftID and rightID options. I could not establish
> a connection without them. The related values I derive from certificates. Could
> you give me more information about possible values that I can set for these
> parameters?
> If I do not want to use leftid or rightid, what option do I set instead of
> them?
> Thanks in advance

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
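
Added example, not part of the original messages and not taken from the strongSwan documentation: the three identity choices described in the reply, written as ipsec.conf connections. The addresses, subnets and the DNS name peer1.example.org are constructed values, and the second connection assumes peer1.crt carries that name as a subjectAltName.

```conf
# Added example; all addresses, subnets and the DNS name are constructed.

conn %default
      keyexchange=ikev2
      leftcert=peer1.crt
      left=192.0.2.1
      leftsubnet=10.1.0.0/16
      right=198.51.100.1
      rightsubnet=10.2.0.0/16
      auto=add

# 1. No leftid: the subject DN of peer1.crt is assumed as the local
#    identity. The peer is pinned to a single certificate subject.
conn net-net-dn
      rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"

# 2. leftid taken from a subjectAltName. Assumption: peer1.crt contains
#    the DNS subjectAltName peer1.example.org. If the value is not in
#    the certificate, the subject DN is assumed instead, as in case 1.
conn net-net-san
      leftid=@peer1.example.org
      rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"

# 3. Responder only: any peer presenting a trusted, non-revoked
#    certificate is accepted. Access is then limited only by which
#    certificates the trusted CAs have issued, so use this where every
#    holder of such a certificate is meant to reach leftsubnet.
conn net-net-any
      rightid=%any
```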
