[strongSwan] Strongswan Configuration Question

Edward Morris edmorris at gossamersec.com
Wed Apr 23 17:14:43 CEST 2014


I wish to test a VPN Client's ability to handle an invalid ID.  While using
strongSwan, the logs showed an error message of "id '<fqdn>' not confirmed
by certificate, defaulting to '<cert_subject>'".

I found from an earlier strongSwan mailing list response that "If both
leftid and leftcert are specified, leftid has to match the subject or one of
the subjectAltNames of the certificate, otherwise it defaults back to the

However, in my case, I intentionally desire such a mismatch, so I searched
for any configuration option to allow this.  I believe that no such
configuration option exists and that a patch to the source would be needed,


