[strongSwan] leftID and rightID
andreas.steffen at strongswan.org
Sun Sep 25 12:46:02 CEST 2011
left|rightid *must* be either the subject distinguished name or
a subjectAltName extension contained in the certificate. If you
don't define leftid or if leftid is not defined in the certificate
then automatically the subject DN is assumed as a default.
As a responder you can define rightid=%any, in that case any
peer with a trusted and non-revoked certificate will be accepted.
On 09/25/2011 10:40 AM, nima chavooshi wrote:
> I have setup strongswan and I could establish secure connection with 2
> nodes without any problem.
> My connection config is :
> conn net-net
> leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
> rightsubnet=18.104.22.168/24 <http://22.214.171.124/24>
> leftid="C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"
> rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
> My concern about leftID and rightID options. I could not establish
> connection without them.related values I derive from certificates. May
> give me more information about possible values that I can set for these
> If I do not want use leftid or rightid, what option do I set instead of
> Thank in advance
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users