[strongSwan] Discrepancy in distinguished name for x.509 authentication

Yogesh Purohit yogeshpurohit2 at gmail.com
Fri Jan 18 04:50:29 CET 2019


Hi Tobias,

Thanks for the reply.

Yes, I mean to say only 'E' is expected instead of 'emailAddress'.
Anything other than 'E' is not getting matched with peerid received by
strongswan and hence 'no peer found' (tunnel is not established).

To make it work I had to configure 'E' for emailAddress in rightid field of
ipsec.conf.

I know it is not a big issue and it is working for me with 'E', but ideally
it should work with exact Subject of x.509 certificate which has
'emailAddress' as the field.

On Thu, Jan 17, 2019 at 7:47 PM Tobias Brunner <tobias at strongswan.org>
wrote:

> Hi Yogesh,
>
> > so I tried configuring right id as strongswan is expecting, and tunnel
> was established.
>
> You mean with E instead of emailAddress?  No other changes?
>
> > So why is strongswan not using complete '*emailAddress*' field of
> > Subject distinguished name and only '*E*' instead ?
>
> emailAddress should be an alias for E.  So not sure what went wrong
> initially.
>
> Regards,
> Tobias
>


-- 
Best Regards,

Yogesh Purohit
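
The alias relationship discussed in this thread ('emailAddress' and 'E' naming the same attribute type), shown as an added example that is not part of the original messages and is not strongSwan's code. It compares a configured identity with a certificate subject by attribute OID instead of by keyword spelling; the alias table, function names and sample DNs are assumptions constructed for illustration.

```python
import re

# Attribute keyword -> OID. Two keywords may name the same attribute type.
# Alias table assumed for this illustration; it is not strongSwan's own list.
KEYWORD_TO_OID = {
    "C": "2.5.4.6",
    "O": "2.5.4.10",
    "OU": "2.5.4.11",
    "CN": "2.5.4.3",
    "E": "1.2.840.113549.1.9.1",
    "EMAILADDRESS": "1.2.840.113549.1.9.1",
}

def parse_dn(dn):
    """Parse 'K=V, K=V' into an ordered list of (oid, value) pairs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # split on unescaped commas
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        key = key.strip().upper()
        if re.fullmatch(r"\d+(\.\d+)+", key):
            oid = key  # already a dotted OID
        elif key in KEYWORD_TO_OID:
            oid = KEYWORD_TO_OID[key]
        else:
            raise ValueError(f"unknown attribute keyword: {key!r}")
        rdns.append((oid, value.strip()))
    return rdns

def naive_match(configured_id, cert_subject):
    """String comparison: breaks when the two sides spell a keyword differently."""
    return configured_id.strip() == cert_subject.strip()

def same_identity(configured_id, cert_subject):
    """Compare by attribute OID and value, in order; values compared exactly."""
    return parse_dn(configured_id) == parse_dn(cert_subject)

# Constructed sample values (not taken from the thread).
CERT_SUBJECT = "C=IN, O=Example, CN=peer.example.org, emailAddress=peer@example.org"
RIGHTID_E = "C=IN, O=Example, CN=peer.example.org, E=peer@example.org"

if __name__ == "__main__":
    print("string match:", naive_match(RIGHTID_E, CERT_SUBJECT))
    print("OID match:   ", same_identity(RIGHTID_E, CERT_SUBJECT))
```
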