[strongSwan] Newbie: setting up VPN server for mobile devices using strongswan 5.x
martin at strongswan.org
Thu Jun 28 10:12:38 CEST 2012
IKE identities must be contained in the certificate used for
authentication, either as subject DN or as subjectAltName.
> 11[CFG] id 'snowmane' not confirmed by certificate, defaulting to
> 'C=US, O=snowmane, CN=snowmane.mydomain.edu'
> 11[CFG] id 'client' not confirmed by certificate, defaulting to
> 'C=US, O=snowmane, CN=client'
The configured identities are not, hence they get replaced by the
certificate subject DN.
> 02[CFG] <1> looking for XAuthInitRSA peer configs matching
> O=strongSwan, CN=client]
Your client uses "C=US, O=strongSwan, CN=client" as identity. This does
not match to your "C=US, O=snowmane, CN=client" configuration in place,
hence the configuration does not match.
More information about the Users