[strongSwan] ikev1 mutual certificate authentication
WorkingMan
signup_mail2002 at yahoo.com
Mon Sep 30 21:30:54 CEST 2013
Hi,
I would like to understand how the mutual certificate verification is done in
strongSwan (I understand EAP-TLS is a strong mutual certificate authentication
and it needs to go back and forth a few times between the two parties).
Configuration used:
cacert=ca.pem
authby=xauthrsasig
leftcert=vpn.key
leftauth=pubkey
rightauth=pubkey
Based on the log it says:
authentication of <client DN> with RSA successful
authentication of <server DN> (myself) successful
Can you explain exactly the certificate flow since it's all happening on
server side?
I assume ca.pem can validate client certificate. What does the "(myself)" part
do to validate itself? I would like to understand that so I can justify our
configuration.
Thanks, much appreciated