[strongSwan] One to Many VPN (Host-Host)
Tobias Brunner
tobias at strongswan.org
Mon Mar 19 18:45:50 CET 2018
Hi,
> I've made its cert with --san quantum-equities.com,cygnus.darkmatter.org, because the LAN gateway is known outside as quantum-equities.com and the IPSec gateway is known in the LAN as cygnus.darkmatter.org.
That syntax is not valid. Just use --san multiple times for each SAN
(as the man page for pki --issue indicates).
> I also tried to set --dn "C=US, O=Quantum, CN=quantum-equities.com,cygnus.darkmatter.org" -- but strongswan pki wasn't having it so I had to settle for just quantum-equities.com.
That's because commas separate RDNs (and `cygnus.darkmatter.org` is no
proper RDN) and strongSwan's DN string parser does not support
multi-value RDNs.
> # swanctl -L
> # swanctl -l
> (no response, for some reason)
Yes, and that reason is: No config has been loaded. Did you run
swanctl --load-conns (-c) or --load-all (-q)?
Regards,
Tobias
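
The repeated `--san` usage from the reply above, as an added example that is not part of the original message: a shell helper expands a comma-separated list of names into one `--san` option per name and passes them to `pki --issue`, keeping the DN to a single CN. The helper names `san_args` and `issue_gw_cert` and the file names `caCert.pem`, `caKey.pem` and `gwKey.pem` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumed file names: caCert.pem, caKey.pem (CA), gwKey.pem (gateway key).

# Turn "a,b" into "--san a --san b": one --san option per name.
san_args() {
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting (e.g. "*.example")
    out=
    for name in $1; do
        # Trim surrounding whitespace; skip empty fields such as "a,,b".
        name=$(printf '%s' "$name" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$name" ] || continue
        out="${out:+$out }--san $name"
    done
    set +f
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# Issue the gateway certificate.
#   $1 = DN with a single CN   $2 = comma-separated names   $3 = output file
issue_gw_cert() {
    set -f
    # Word splitting of the san_args output is intended here.
    pki --pub --in gwKey.pem |
        pki --issue --cacert caCert.pem --cakey caKey.pem \
            --dn "$1" $(san_args "$2") --outform pem > "$3"
    set +f
}

# Dry run: print the options that would be handed to pki --issue.
san_args "quantum-equities.com,cygnus.darkmatter.org"

# Real run (requires pki and the files named above):
# issue_gw_cert "C=US, O=Quantum, CN=quantum-equities.com" \
#     "quantum-equities.com,cygnus.darkmatter.org" gwCert.pem
```

`pki --print --in gwCert.pem` lists the resulting altNames, which is a quick way to confirm that both names ended up in the certificate before loading the configuration with `swanctl --load-all`.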