[strongSwan] Identity check for IKEv2/EAP-TLS
Yury Shefer
shefys at gmail.com
Fri May 15 18:58:28 CEST 2015
Hi,
I'm configuring IKEv2/EAP-TLS. Maybe somebody can clarify two things:
1) How StrongSwan verifies peer identity? Should IKE cert common name (AUTH
identity) match EAP-TLS server cert common name (EAP-TLS Identity)? I.e. if
i give to the client single hostname "vpngw.domain.com" - both IKE and
EAP-TLS should have exactly same vpn.domain.com as a CN/identity (and use
same certificate)?
2) Does StrongSwan support multiple hostnames/IP in SubAltName to verify
the identity?
--
Thank you,
Yury.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150515/b8dacb38/attachment.html>
More information about the Users
mailing list