[strongSwan] Using X509 DN for rightid
Michael Durket
durket at highwire.stanford.edu
Mon Jan 28 18:14:47 CET 2013
In the wiki page that specifies a configuration that works for iOS devices (http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) ) it says in the section titled "Install Certificates":
"It is not necessary to keep the client certificate on the server, but it can be useful to use it as an ID (rightcert=clientCert.pem)"
Is the ID referred to the ID that is used to determine (and prevent) multiple connections from the same ID and IP so that if I issued different certificates for a person's different iOS devices I would not need to set "uniqueids=never" in ipsec.conf to allow them to login multiple devices from the same IP?
Do I also need to store the certificate key as shown in the example or is it sufficient to store only the certificate files for the individual users.
More information about the Users
mailing list