[strongSwan] Need help configuring a test environment with IKEv2 and certificate authentication

Noel Kuntze noel at familie-kuntze.de
Tue Jul 19 20:32:09 CEST 2016


Hello Tom,
 
> So, there is no way to configure a right IKE IDi value with the initiator's IPv4 address and a separate FQDN to match against the received certificates' Subject value?

No. The ID has to be authenticated by the certificate. And no, the subject value isn't necessarily used. The ID can also be in a SAN field.

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160719/dfe4844e/attachment.sig>


More information about the Users mailing list