[strongSwan] Need help configuring a test environment with IKEv2 and certificate authentication
FORTMANN, TOM
tf990d at att.com
Tue Jul 19 20:37:48 CEST 2016
Noel,
Thank you again. I will push back on our TeraVM guys to fix/change their configuration.
Tom
-----Original Message-----
From: Noel Kuntze [mailto:noel at familie-kuntze.de]
Sent: Tuesday, July 19, 2016 1:32 PM
To: FORTMANN, TOM <tf990d at att.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] Need help configuring a test environment with IKEv2 and certificate authentication
Hello Tom,
> So, there is no way to configure a right IKE IDi value with the initiator's IPv4 address and a separate FQDN to match against the received certificates' Subject value?
No. The ID has to be authenticated by the certificate. And no, the subject value isn't necessarily used. The ID can also be in a SAN field.
--
Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze
GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
More information about the Users
mailing list