[strongSwan] ID cert validation required in PSK connections
John A. Sullivan III
jsullivan at opensourcedevel.com
Mon Oct 14 22:13:50 CEST 2013
Bump. Thanks - John
On Sat, 2013-07-27 at 23:49 -0400, John A. Sullivan III wrote:
> Hello, all. I'm finding some difficulty transitioning from OpenSWAN to
> StrongSWAN. Most of my connections are internal and so use certs but I
> occasionally must establish an outside connection via PSK. With OSWAN,
> I typically create a default connection which specifies
> authby=rsasig
> leftrsasigkey=%cert
> leftcert=<cert name>
> leftid=<DN>
>
> and so forth. For the PSK, I simply specify in the specific config
> section:
> authby=secret
> leftid=<IP Address>
>
> and it seems to work.
>
> In SSWAN, I get complaints that the ID is not validated by the cert. I
> don't want to put the IP in the subjAltName as they may change. More
> importantly, if I have specified authby=secret why is it even looking at
> the cert?
>
> I've tried disabling this cert lookup by adding leftrsasigkey=%none and
> even leftcert="" but none of that seems to work. How does one get SSWAN
> to ignore the default cert when using PSK? Thanks - John