[strongSwan] leftID and rightID
nima chavooshi
nima0102 at gmail.com
Sun Sep 25 14:58:36 CEST 2011
Hi
Thanks a lot for your quick reply.
Excuse me for my dummy question.I am some confused.
May you give me more explanation about "subject distinguished name",
"subjectAltName", "subject DN" field on X509 certification?
According to your told, I should define lefid at least, is that true ?
Thanks in advance for any help or guidance
On Sun, Sep 25, 2011 at 2:16 PM, Andreas Steffen <
andreas.steffen at strongswan.org> wrote:
> Hello,
>
> left|rightid *must* be either the subject distinguished name or
> a subjectAltName extension contained in the certificate. If you
> don't define leftid or if leftid is not defined in the certificate
> then automatically the subject DN is assumed as a default.
>
> As a responder you can define rightid=%any, in that case any
> peer with a trusted and non-revoked certificate will be accepted.
>
> Regards
>
> Andreas
>
> On 09/25/2011 10:40 AM, nima chavooshi wrote:
> > Hi
> > I have setup strongswan and I could establish secure connection with 2
> > nodes without any problem.
> > My connection config is :
> >
> > conn net-net
> > left=30.0.2.2
> > leftcert=peer1.crt
> > leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
> > rightsubnet=30.0.2.0/24 <http://30.0.2.0/24>
> > right=30.0.2.1
> > leftid="C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"
> > rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
> > keyexchange=ikev2
> > type=tunnel
> > auth=ah
> > auto=add
> >
> > My concern about leftID and rightID options. I could not establish
> > connection without them.related values I derive from certificates. May
> > give me more information about possible values that I can set for these
> > parameters?
> > If I do not want use leftid or rightid, what option do I set instead of
> > them?
> >
> > Thank in advance
>
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110925/04d90531/attachment.html>
More information about the Users
mailing list