[strongSwan] understanding %fromcert
andreas.steffen at strongswan.org
Mon Jul 15 12:51:25 CEST 2013
is an OpenSwan option not supported by strongSwan. The strongSwan
leftid=carol at strongswan.org
If leftid is missing then left, i.e. the IP address is chosen by
default for leftid but since the IP address usually is not
contained as a subjectAltName in the certificate, the fallback
is for leftid to assume the value of the subject Distinguished
Name as e.g.
leftid="C=CH, O=strongSwan, CN=carol at strongswan.org"
On 15.07.2013 12:38, Daniel Pocock wrote:
> I notice the ipsec.conf man page found in Google states that %fromcert
> uses the DN:
> while the wiki page doesn't mention %fromcert but talks about "%":
> Can somebody clarify this? In particular, if there is both a DN and one
> or more subjectAltName values, how does it choose which one to send?
> Will it try them all?
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
More information about the Users