[strongSwan] StrongSwan - Ignore rightid from client and use certificate DN

Martin Willi martin at strongswan.org
Mon Sep 30 10:32:26 CEST 2013

Hi Aaron,

> Is there any way to tell StrongSwan 5.x (when a headend) to ignore the ID
> sent by the client, and always use the Certificate DN as the remote ID?

No, currently not. strongSwan always requires that the IKE identity is
contained in the certificate, either as subject DN or as subjectAltName.
This strict binding is required, as we do the configuration lookup
primarily based on the IKE identity, not the certificate.

> If not, is there a fundamental security problem with doing this that I'm
> overlooking?

If you ignore/replace the ID payload completely, that might work.

However, the ID payload is part of the data signed in the AUTH payload.
What ID would you choose for this operation? If you use the certificate
subject, this would be a violation of RFC 5996 and would cause
interoperability issues. If you sign the real ID payload, you wouldn't
bind that signature to the authenticated peer identity, making it
simpler for an attacker to reuse someone else's signature.

> My first thought is that this would actually be *more* secure.

It is certainly more secure than just using the IKE identity without
verifying it. But it is not more secure than what we do in strongSwan.

> It seems like a client could be written to spoof the ID, but spoofing a
> specific Enterprise CA-signed certificate DN would be much harder.

Just spoofing the ID does not help, as the peer must be in the
possession of a private key for a certificate containing that ID.


More information about the Users mailing list