[strongSwan] ikev1 mutual certificate authentication

WorkingMan signup_mail2002 at yahoo.com
Mon Sep 30 21:30:54 CEST 2013


Hi, 

I would like to understand how the mutual certificate verification is done in 
strongSwan (I understand EAP-TLS is a strong mutual certificate authentication 
and it needs to go back and forth a few times between the two parties).

configuration used:

cacert=ca.pem
authby=xauthrsasig
leftcert=vpn.key
leftauth= pubkey
rightauth= pubkey

Based on the log it says:

authentication of <client DN> with RSA successful
authentication of <server DN> (myself) successful

Can you explain exactly the certificate flow, since it's all happening on 
the server side?

I assume ca.pem can validate the client certificate. What does the "(myself)" part 
do to validate itself? I would like to understand that so I can justify our 
configuration.

Thanks, much appreciated
