[strongSwan] understanding %fromcert

Daniel Pocock daniel at pocock.com.au
Mon Jul 15 13:25:45 CEST 2013

On 15/07/13 12:51, Andreas Steffen wrote:
> Hello Daniel,
> leftid=%fromcert
> is an OpenSwan option not supported by strongSwan. The strongSwan
> configuration is
>   leftcert=carolCert.pem
>   leftid=carol at strongswan.org
> or simply
>   leftcert=carolCert.pem
> If leftid is missing then left, i.e. the IP address is chosen by
> default for leftid but since the IP address usually is not
> contained as a subjectAltName in the certificate, the fallback
> is for leftid to assume the value of the subject Distinguished
> Name as e.g.
>   leftid="C=CH, O=strongSwan, CN=carol at strongswan.org"

So the subjectAltName will only be used if
a) leftid=@hostname.example.org and
b) hostname.example.org is in the subjectAltName in the cert?

Do you think it would be useful to add some explicit variables for this,
e.g. allowing users to specify:




More information about the Users mailing list