[strongSwan] Dynamic IP to VPS site-to-site

Noel Kuntze noel at familie-kuntze.de
Thu Dec 25 20:36:01 CET 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello Eric,

You can use email addresses in the DN and the SAN fields of the certificate of the router to authenticate it against the server.
Example: ipsec pki --issue [...] --dn "C=DE, O=FooBar Corp, CN=bar@baz.de" --san "bar@baz.de"

Then set the email address in the rightid on the server.

Mit freundlichen Grüßen/Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 25.12.2014 at 07:06, Eric Zhang wrote:
> Yes, my local side is ADSL which has a dynamic IP, can I set up certs to authenticate?
>
> Sent from Mobile
>
>
>> On 24 December 2014, at 22:45, Zesen Qian <strongswan-users at riaqn.com> wrote:
>>
>> Noel Kuntze <noel at familie-kuntze.de> writes:
>>
>>> Hello Eric,
>>>
>>> See [1] for authentication using X509 certificates and site-to-site tunnels.
>>>
>>> [1] http://www.strongswan.org/uml/testresults/ikev2/net2net-cert/
>>>
>>> Mit freundlichen Grüßen/Regards,
>>> Noel Kuntze
>>>
>>> GPG Key ID: 0x63EC6658
>>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>>>
>>>> On 24.12.2014 at 00:42, Eric Zhang wrote:
>>>> How can I use RSA authentication with X.509 certificates to set up an IP tunnel between my PPPoE and VPS (which has a fixed IP)?
>>>>
>>>> Thanks
>>>>
>>>> Eric
>>>
>>>
>> Hello Noel,
>>      I guess the question Eric wants to ask is mainly about site-to-site
>>      with "dynamic IP" on one side, while the other side has fixed IP.
>>      I'm also eager to know since it's my situation too. :) My IPv6
>>      address is dynamic.
>>      If I omit the left= parameter, which defaults to %any, it
>>      sometimes (and randomly) would use ::1 on local, which surely
>>      won't succeed. Other times it would use the global address which
>>      works just fine.
>>
>> --
>> Zesen Qian (钱泽森)
>> Undergraduate
>> School of Software
>> Shanghai Jiao Tong University

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
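
The setup described in the reply above, sketched as a pair of ipsec.conf connections. This is an added example, not part of the original e-mail; the host name, addresses, subnets, certificate file names and the server identity are constructed placeholders, and only the bar@baz.de identity comes from the message.

```conf
# Added example, not from the original thread. Everything except the
# bar@baz.de identity is a constructed placeholder.

# --- ipsec.conf on the VPS (fixed IP, responder) ---
conn net-net
    keyexchange=ikev2
    left=192.0.2.10              # placeholder for the VPS's fixed address
    leftcert=serverCert.pem      # assumed file name
    leftid=@vps.example.org      # must appear as a SAN in the server cert
    leftsubnet=10.1.0.0/16
    right=%any                   # peer address is dynamic, accept any source
    rightid=bar@baz.de           # peer is identified by its certificate ID
    rightsubnet=10.2.0.0/16
    auto=add                     # wait for the router to initiate

# --- ipsec.conf on the router (dynamic IP, initiator) ---
conn net-net
    keyexchange=ikev2
    leftcert=routerCert.pem      # issued with --san "bar@baz.de"
    leftid=bar@baz.de            # must match a SAN (or the DN) of leftcert
    leftsubnet=10.2.0.0/16
    right=vps.example.org        # placeholder name resolving to the VPS
    rightid=@vps.example.org
    rightsubnet=10.1.0.0/16
    auto=start                   # the dynamic side brings the tunnel up
```

With right=%any the server no longer filters on the peer address, so rightid is what restricts the connection to the router: a certificate from the same CA that does not carry this identity does not match the conn.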



