[strongSwan] leftID and rightID
Andreas Steffen
andreas.steffen at strongswan.org
Sun Sep 25 12:46:02 CEST 2011
Hello,
left|rightid *must* be either the subject distinguished name or
a subjectAltName extension contained in the certificate. If you
don't define leftid or if leftid is not defined in the certificate
then automatically the subject DN is assumed as a default.
As a responder you can define rightid=%any, in that case any
peer with a trusted and non-revoked certificate will be accepted.
Regards
Andreas
On 09/25/2011 10:40 AM, nima chavooshi wrote:
> Hi
> I have set up strongSwan and I could establish a secure connection with 2
> nodes without any problem.
> My connection config is:
>
> conn net-net
> left=30.0.2.2
> leftcert=peer1.crt
> leftsubnet=0.0.0.0/0
> rightsubnet=30.0.2.0/24
> right=30.0.2.1
> leftid="C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"
> rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
> keyexchange=ikev2
> type=tunnel
> auth=ah
> auto=add
>
> My concern is about the leftID and rightID options. I could not establish a
> connection without them. The related values I derive from certificates. Could
> you give me more information about possible values that I can set for these
> parameters?
> If I do not want to use leftid or rightid, what option do I set instead of
> them?
>
> Thanks in advance
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
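The ID rules from the reply above, modelled as a short added example (not part of the original message and not strongSwan code). The SAN value and the names gw.example.org, effective_id and responder_accepts are hypothetical, and DN parsing is simplified (no escaped commas).

```python
# Added illustration of the rules stated in the reply; not strongSwan's implementation.
ANY = "%any"

def parse_dn(dn):
    """Split 'C=US, O=peer1' into a tuple of (TYPE, value) pairs."""
    rdns = []
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        rdns.append((key.strip().upper(), value.strip()))
    return tuple(rdns)

def same_id(a, b):
    """DNs are compared RDN by RDN; other ID strings case-insensitively."""
    if "=" in a and "=" in b:
        return parse_dn(a) == parse_dn(b)
    return a.strip().lower() == b.strip().lower()

def effective_id(configured, subject_dn, alt_names):
    """ID actually asserted: the configured one only if the certificate contains it."""
    if configured:
        for cert_id in [subject_dn, *alt_names]:
            if same_id(configured, cert_id):
                return cert_id
    return subject_dn  # leftid unset or not in the certificate: subject DN is the default

def responder_accepts(rightid, peer_id, cert_valid):
    """cert_valid means trusted and non-revoked; %any only skips the ID comparison."""
    if not cert_valid:
        return False
    return rightid == ANY or same_id(rightid, peer_id)

# Constructed sample data: DNs taken from the thread, SAN is hypothetical.
PEER1_DN = "C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"
PEER2_DN = "C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
PEER1_SANS = ["peer1.example.org"]

if __name__ == "__main__":
    # leftid omitted: the subject DN is used
    print(effective_id(None, PEER1_DN, PEER1_SANS))
    # leftid not present in the certificate: falls back to the subject DN,
    # so a responder expecting that name as rightid will not match
    sent = effective_id("gw.example.org", PEER1_DN, PEER1_SANS)
    print(sent, responder_accepts("gw.example.org", sent, True))
    # rightid=%any: any peer with a valid certificate is accepted
    print(responder_accepts(ANY, sent, True))
```

The second case is the one to watch for: an ID that the certificate does not contain is replaced by the subject DN, so the remote rightid has to be the DN (or %any) for the match to succeed.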