[strongSwan] ID cert validation required in PSK connections

John A. Sullivan III jsullivan at opensourcedevel.com
Mon Oct 14 22:13:50 CEST 2013

Bump.  Thanks - John

On Sat, 2013-07-27 at 23:49 -0400, John A. Sullivan III wrote:
> Hello, all.  I'm finding some difficulty transitioning from OpenSWAN to
> StrongSWAN.  Most of my connections are internal and so use certs but I
> occasionally must establish an outside connection via PSK.  With OSWAN,
> I typically create a default connection which specifies
> authby=rsasig
> leftrsasigkey=%cert
> leftcert=<cert name>
> leftid=<DN>
> and so forth.  For the PSK, I simply specify in the specific config
> section:
> authby=secret
> leftid=<IP Address>
> and it seems to work.
> In SSWAN, I get complaints that the ID is not validated by the cert.  I
> don't want to put the IP in the subjAltName as they may change.  More
> importantly, if I have specified authby=secret why is it even looking at
> the cert?
> I've tried disabling this cert lookup by adding leftrsasigkey=%none and
> even leftcert="" but none of that seems to work.  How does one get SSWAN
> to ignore the default cert when using PSK? Thanks - John
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users

More information about the Users mailing list