[strongSwan] FQDN based certificate authentication for ikev2

Andreas Steffen andreas.steffen at strongswan.org
Mon Apr 2 12:18:43 CEST 2012

Hi Reshma,

by default the certificate's subjectDistinguishedName is used as
an ID. There is no mechanism to automatically assign subjectAltNames.

What should we do if several subjectAltNames exist?



On 02.04.2012 11:14, Reshma Begam wrote:
> Hi Andreas,
> Thanks for the response, and this works.
> Also, how can we assign identity info from cert files to leftid/rightid
> instead of explicitly defining them?
> Example: I am looking for something like leftid=%fromcert
> leftid=%fromcert and leftid=%leftcert --> I tried both these options on
> the responder side instead of leftid=cla.atca.nsn.com,
> but it doesn't work.
> Could you please comment on what the wildcard entries should be on both
> sides to achieve these assignments using certs?
> Thanks,
> Reshma

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
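
Since subjectAltNames are not assigned automatically, the explicit leftid can be derived from the certificate by hand. The following is an added example, not part of the original message or of strongSwan: it lists a certificate's dNSName subjectAltNames and prints a leftid line only when exactly one exists. The function names and the sample certificates are constructed for illustration, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not strongSwan code). Assumes OpenSSL >= 1.1.1 for -ext/-addext.

# Print each dNSName subjectAltName of the certificate in $1, one per line.
list_dns_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\(.*\)$/\1/p'
}

# Print "leftid=<fqdn>" only when the certificate carries exactly one dNSName.
# Return 1 if there is none (the ID stays the subject DN by default),
# return 2 if there are several (the choice must be made by the administrator).
suggest_leftid() {
    sans=$(list_dns_sans "$1")
    count=$(printf '%s\n' "$sans" | grep -c . || true)
    case "$count" in
        0) echo "no dNSName subjectAltName in $1" >&2
           return 1 ;;
        1) printf 'leftid=%s\n' "$sans" ;;
        *) echo "several subjectAltNames in $1, choose one explicitly:" >&2
           printf '%s\n' "$sans" >&2
           return 2 ;;
    esac
}

# Create a constructed, self-signed sample certificate for trying the functions.
# $1 = output path, $2 = subjectAltName list, e.g. "DNS:host.example.test"
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample" \
        -addext "subjectAltName=$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Stand-alone use: sh script.sh /path/to/cert.pem
if [ $# -gt 0 ]; then
    suggest_leftid "$1"
fi
```
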
