[strongSwan] Need help configuring a test environment with IKEv2 and certificate authentication
FORTMANN, TOM
tf990d at att.com
Tue Jul 19 20:22:18 CEST 2016
Noel,
Thank you for the quick response.
So, there is no way to configure a right IKE IDi value with the initiator's IPv4 address and a separate FQDN to match against the received certificates' Subject value?
Tom
-----Original Message-----
From: Noel Kuntze [mailto:noel at familie-kuntze.de]
Sent: Tuesday, July 19, 2016 1:16 PM
To: FORTMANN, TOM <tf990d at att.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] Need help configuring a test environment with IKEv2 and certificate authentication
Hello Tom,
> I should also state that I have limited control over the TeraVM setup, and from what I am being told we cannot change the ID value sent in the IKEv2 flows.
>
>
>
> Can anyone help with this setup? This is for a test, not production, so if there is a simple way to tell strongswan to simply accept any certificate authentication – that would be perfect.
>
No. strongSwan does not allow insecure configurations. Fix your appliances or whatever that is.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
More information about the Users
mailing list