[strongSwan] Multiple hostnames same server cert
andreas.steffen at strongswan.org
Tue Dec 18 19:09:08 CET 2012
while generating your server certificate you can add multiple
ipsec pki --issue ... --san "vpn.foo.com" --san "vpn.bar.com"
If your clients are requesting different IDr identities then
you must define two connections
... # all other parameters
On 18.12.2012 17:03, kgardenia42 wrote:
> wrt. to this guide:
> I have created my server cert for vpn.foo.com as outlined:
> ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert
> s.pem --cakey caKey.pem \
> --dn "C=CH, O=strongSwan, CN=vpn.foo.com" --san="vpn.foo.com" \
> --flag serverAuth --flag ikeIntermediate --outform pem >
> However, I want the *same* VPN server to be accessible by clients as
> *both* vpn.foo.com and vpn.bar.com then how can I accomplish this? Do
> I need a server cert and traffic selector for each one?
> Or is it somehow possible to hang both hostnames off the same server
> cert (preferred)?
> If I need two server certs then can they both use the same CA? I
> assumed so but when I try the above there seems to be some ambiguity
> over which traffic selector is selected (well it appears to be the
> first one in ipsec.conf). Is there a known gotcha there or have I
> just missed something? If so I'll start from scratch.
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users