[strongSwan] Need help configuring a test environment with IKEv2 and certificate authentication
noel at familie-kuntze.de
Tue Jul 19 20:32:09 CEST 2016
> So, there is no way to configure a right IKE IDi value with the initiator's IPv4 address and a separate FQDN to match against the received certificates' Subject value?
No. The ID has to be authenticated by the certificate. And no, the subject value isn't necessarily used. The ID can also be in a SAN field.
Mit freundlichen Grüßen/Kind Regards,
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 851 bytes
Desc: OpenPGP digital signature
More information about the Users