[strongSwan] StrongSwan - Ignore rightid from client and use certificate DN

Aaron Edwards aedwards at ebob9.com
Fri Sep 27 20:57:52 CEST 2013


Hi all,

Fairly new user here - question about StrongSwan configuration and
Certificate authentication.

Is there any way to tell StrongSwan 5.x (when a headend) to ignore the ID
sent by the client, and always use the Certificate DN as the remote ID?
I've gone through the docs and mailing list, and can't seem to find anything
for the current version.

If not, is there a fundamental security problem with doing this that I'm
overlooking? My first thought is that this would actually be *more* secure.
It seems like a client could be written to spoof the ID, but spoofing a
specific Enterprise CA-signed certificate DN would be much harder.

Thanks,
Aaron