[strongSwan] strongswan android app fails to connect when cert SAN contains DNS

SM K sacho.polo at gmail.com
Wed Aug 7 20:39:12 CEST 2013


I am trying to establish an IPsec tunnel from the Android strongSwan app to
a gateway using a name as in "xyz.mycompany.com". The authentication is
using certificates. The gateway certificate has a Subject Alt Name of
"DNS:*.mycompany.com, DNS:mycompany.com".

This causes the Android app to fail to connect, as the constraint check
against the gateway fails. This of course works fine when the cert contains the
full domain name or the IP address.

We have other setups where this kind of thing works. I wanted to check if
this kind of thing is supported or not.

The logs from the strongswan app say the following.
cfg : constarint check failed: identity xyz.mycompany.com required
selected peer config android inacceptable: constaint check failed

