[strongSwan] Using existing CA for strongSwan; Way to specify which client certs are valid for VPN?

Igor Sverkos igor.sverkos at googlemail.com
Mon Apr 29 19:10:02 CEST 2013


We want to use our existing CA for strongSwan, too.

As far as I understand, every certificate signed by our existing CA
could also be used for VPN, right?

That's not what we want. We want to control which certificate can be
used for VPN. The reason we want this is to be able to control who is
allowed to use the VPN.

Is there a way to do that without creating our own CA just for
strongSwan? For example, can I tell strongSwan to only allow clients
whose client certificates are also stored in /etc/ipsec.d/certs?

