[strongSwan] Identity check for IKEv2/EAP-TLS

Yury Shefer shefys at gmail.com
Fri May 15 18:58:28 CEST 2015


I'm configuring IKEv2/EAP-TLS. Maybe somebody can clarify two things:

1) How StrongSwan verifies peer identity? Should IKE cert common name (AUTH
identity) match EAP-TLS server cert common name (EAP-TLS Identity)? I.e. if
i give to the client single hostname "vpngw.domain.com" - both IKE and
EAP-TLS should have exactly same vpn.domain.com as a CN/identity (and use
same certificate)?

2) Does StrongSwan support multiple hostnames/IP in SubAltName to verify
the identity?

Thank you,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150515/b8dacb38/attachment.html>

More information about the Users mailing list