[strongSwan] Question about strongSwan configuration using RSA signature
Jorge Ventura
jorge.araujo.ventura at gmail.com
Fri Aug 31 20:11:41 CEST 2012
I have a Linux box configured to authenticate by RSA signature using a
self-signed X.509 certificate. My peer is a Cisco router ASA-5505.
Both sides have the CA (self-signed) certificate authority and they are
using IKEv2 and everything is working, but I have one question:
Why do I need to have the certificate from the peer installed locally in
the directory /etc/ipsec.d/certs? It's weird to me because the ASA-5505
doesn't have any information about the certificate from the Linux box; it's
negotiated at the time of connection. If I remove the directive in ipsec.conf
pointing to a local certificate copy from the peer, I receive a message:
constraint check failed: identity '10.15.1.1' required
and the connection does not succeed.
I think that my configuration is incomplete.
Thanks,
Ventura