[strongSwan] Strongswan Configuration Question

Martin Willi martin at strongswan.org
Thu Apr 24 10:23:43 CEST 2014


Hi Edward,

> I intentionally desire such a mis-match, so I searched
> for any configuration option to allow this.  I believe that no such
> configuration option exists and that a patch to the source would be needed,
> correct?

Yes. You may have a look at the two commits from [1]. They introduce a
charon.cert_id_binding strongswan.conf option. If set to "no", the IKE
identity may be different from the identities in the used certificate.

Due to the security implications, we have not planned to mainstream
these changes.

Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/cert-id-binding-option



More information about the Users mailing list