[strongSwan] ID cert validation required in PSK connections
John A. Sullivan III
jsullivan at opensourcedevel.com
Sun Jul 28 05:49:39 CEST 2013

Hello, all. I'm finding some difficulty transitioning from OpenSWAN to
StrongSWAN. Most of my connections are internal and so use certs but I
occasionally must establish an outside connection via PSK. With OSWAN,
I typically create a default connection which specifies

    authby=rsasig
    leftrsasigkey=%cert
    leftcert=<cert name>
    leftid=<DN>

and so forth. For the PSK, I simply specify in the specific config
section:

    authby=secret
    leftid=<IP Address>

and it seems to work.

In SSWAN, I get complaints that the ID is not validated by the cert. I
don't want to put the IP in the subjAltName as they may change. More
importantly, if I have specified authby=secret why is it even looking at
the cert?

I've tried disabling this cert lookup by adding leftrsasigkey=%none and
even leftcert="" but none of that seems to work. How does one get SSWAN
to ignore the default cert when using PSK?

Thanks - John