[strongSwan] net2net cert Scenario.
Leandro Ferr
frr8rrf at gmail.com
Thu Mar 1 21:19:14 CET 2012
Hi everybody,
I'm starting out in the VPN world, and I want (and need) to implement a site-to-site VPN.
My environment (test) is (like net2net cert):
--------     -------           -------      --------
| wksA | ----| gwA | --------- | gwB | ---- | wksB |
--------     -------           -------      --------
wksA 192.168.9.2
gwA int - 192.168.9.1
gwA ext - 192.168.10.197
wksB 192.168.8.2
gwB int - 192.168.8.1
gwB ext - 192.168.10.198
The goal is for wksA to establish connectivity with wksB.
On gwA and gwB I have installed and signed X.509 certs. Three files were created:
cert.pem
req.pem
key.pem
Then I copied these files to /etc/ipsec.d/certs
Doubts:
1 - Do I need to copy keys between gwA and gwB?
2 - Based on the examples from strongswan.org/Test scenarios (net2net cert),
the conn net-net section of /etc/ipsec.conf is:
leftcert=cert.pem
leftid=@moon.strongswan.org // from site example
But what really is leftid? Searching the web, I saw the certificate
Subject (OU, CN, ..) in this field. What do I have to use?
Thanks.
--
Jefferson Leandro
Curitiba - BR