[strongSwan] ID cert validation required in PSK connections

John A. Sullivan III jsullivan at opensourcedevel.com
Sun Jul 28 05:49:39 CEST 2013

Hello, all.  I'm finding some difficulty transitioning from OpenSWAN to
StrongSWAN.  Most of my connections are internal and so use certs but I
occasionally must establish an outside connection via PSK.  With OSWAN,
I typically create a default connection which specifies
leftcert=<cert name>

and so forth.  For the PSK, I simply specify in the specific config
leftid=<IP Address>

and it seems to work.

In SSWAN, I get complaints that the ID is not validated by the cert.  I
don't want to put the IP in the subjAltName as they may change.  More
importantly, if I have specified authby=secret why is it even looking at
the cert?

I've tried disabling this cert lookup by adding leftrsasigkey=%none and
even leftcert="" but none of that seems to work.  How does one get SSWAN
to ignore the default cert when using PSK? Thanks - John

More information about the Users mailing list