[strongSwan] ID parsing

Tobias Brunner tobias at strongswan.org
Mon Aug 15 13:25:41 CEST 2016


Hi Emeric,

> I guess the following configuration:
> 
> ...
> rightid=%any at any.com
> ...
> 
> in ipsec.conf is parsed as an email address equal to "%any at any.com" and not as "any at any.com" + no IDr sending ?
> 
> 
> Am I correct?

No.  The % character is parsed by the stroke plugin before the identity
is created.  So the actual identity is any at any.com and no IDr is sent.
If you have an email address that starts with % you could use the
following to parse it literally:

  rightid=email:%any at any.com

or

  rightid=@@%any at any.com

Regards,
Tobias



More information about the Users mailing list