[strongSwan] [Strongswan] SubjectAltname given in leftid not going in IDi payload

Sriram sriram.ec at gmail.com
Tue Aug 19 07:51:44 CEST 2014


Hi,

This issue got solved by having 'subjectAltName = email:123456789ABC at abc.com'
in the certificate.
Earlier it was 'subjectAltName = DNS:123456789ABC at abc.com'.
It is rightly said by strongSwan that it is not a valid DN.

Regards,
Sriram



On Thu, Aug 14, 2014 at 8:38 PM, Sriram <sriram.ec at gmail.com> wrote:

> Hello,
>
> I am trying to establish ipsec tunnel using certificate authentication. I
> am using strongswan 5.1.1 on both the peers.
>
> I have configured leftid parameter in ipsec.conf to be
>
> leftid = <subject Altname from certificate>
>
> Here subject Altname is the FQDN.
>
> On both the peers I have configured left id as above.
>
> IKE_AUTH happens and tunnel gets established. However in IDi payload,
> Subject Altname is not going, instead Full Subject name is exchanged.
>
> Can you please let me know the reason behind this? In between I saw the
> below log,
>
> 2014-08-14T13:12:29+00:00 (none) charon: 05[CFG]   id '
> 123456789ABC at abc.com' not confirmed by certificate, defaulting to 'C=IN,
> ST=KAR, L=BLR, O=ABC,OU=Networking, CN=123456789ABC..
>
> How to overcome this situation?
>
> Regards,
> Sriram
>
>
>
>
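
The fix reported in this thread comes down to a type match between leftid and the certificate's subjectAltName entries. The sketch below is an added example, not part of the original messages and not strongSwan code: a simplified model of that check, with type inference following the ipsec.conf rules for unprefixed identity strings. The function names, the sample DN and the gw1 host names are constructed for illustration.

```python
import ipaddress

def id_type(identity):
    """Infer the IKE identity type from an unprefixed leftid string."""
    if "=" in identity:
        return "DN"
    if identity.startswith("@"):
        return "FQDN"              # a leading '@' forces FQDN
    if "@" in identity:
        return "RFC822"            # user@domain is an e-mail style identity
    try:
        ipaddress.ip_address(identity)
        return "IP"
    except ValueError:
        return "FQDN"

# OpenSSL subjectAltName keyword -> identity type that entry can confirm
SAN_TYPES = {"email": "RFC822", "DNS": "FQDN", "IP": "IP"}

def effective_id(leftid, subject_dn, san_entries):
    """Return (identity placed in IDi, confirmed_by_certificate).

    san_entries holds (keyword, value) pairs as written in the certificate
    request configuration, e.g. ("DNS", "gw1.example.org").
    """
    wanted = id_type(leftid)
    value = leftid.lstrip("@") if wanted == "FQDN" else leftid
    if wanted == "DN":
        # Simplification: exact string match instead of a real DN comparison.
        return subject_dn, leftid == subject_dn
    for keyword, san_value in san_entries:
        # The SAN must have the same type AND the same value as leftid.
        if SAN_TYPES.get(keyword) == wanted and san_value.lower() == value.lower():
            return value, True
    # Unconfirmed: fall back to the subject DN, the "defaulting to" log case.
    return subject_dn, False

if __name__ == "__main__":
    dn = "C=XX, O=Example, CN=gw1"     # constructed sample subject
    for san in (("DNS", "gw1@example.org"), ("email", "gw1@example.org")):
        print(san, "->", effective_id("gw1@example.org", dn, [san]))
```

A string containing '@' is treated as an RFC822 identity, so a DNS-type subjectAltName carrying the same text never confirms it.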