[strongSwan] Certificate-based IPsec tunnel failing to complete

Regel, Julian (CSS) Julian.Regel at capita.co.uk
Fri Jul 5 14:00:18 CEST 2019


[sorry - previously replied to single poster, not the list]

Thanks for the pointer. I've got it working!

The Cisco ASA appears to send the Distinguished Name as its identifier, so changing:

id = vpntest.example.com

to:

id = "C=UK, ST=Example, O=Example, OU=Example, CN=vpntest.example.com"


The key to solving this is understanding what the remote end is sending, and this appears to vary depending on device.

Hopefully this information will be useful to others too.



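An added example, not part of the original post: one way to find out which identity the remote end is sending is to read it from the strongSwan daemon log and compare it with the configured `id`. The log lines below are constructed and modelled on charon's messages (an assumption), and the function names are hypothetical.

```python
import re

# Constructed sample lines modelled on charon's log format (assumption);
# they are not taken from the thread.
SAMPLE_LOG = """\
05[IKE] received end entity cert "C=UK, ST=Example, O=Example, OU=Example, CN=vpntest.example.com"
05[IKE] IDir 'C=UK, ST=Example, O=Example, OU=Example, CN=vpntest.example.com' does not match to 'vpntest.example.com'
07[CFG] looking for peer configs matching 192.0.2.1[%any]...198.51.100.7[C=UK, ST=Example, O=Example, OU=Example, CN=vpntest.example.com]
07[CFG] no matching peer config found
"""

# Initiator side: the responder's identity differs from the configured remote id.
MISMATCH = re.compile(r"IDir '(?P<sent>.+)' does not match to '(?P<configured>.+)'")
# Responder side: the initiator's identity is the second bracketed value.
LOOKUP = re.compile(r"looking for peer configs matching \S+?\[.*?\]\.\.\.\S+?\[(?P<sent>.+)\]\s*$")

def classify(identity):
    """Guess the identity type from its string form (heuristic)."""
    if re.fullmatch(r"(\d{1,3}\.){3}\d{1,3}", identity):
        return "IPv4 address"
    if "=" in identity:
        return "distinguished name"
    if "@" in identity:
        return "RFC 822 (e-mail) name"
    return "FQDN"

def peer_identities(log_text):
    """Return (sent, configured) pairs; configured is None when the log does not state it."""
    found = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            found.append((m["sent"], m["configured"]))
            continue
        m = LOOKUP.search(line)
        if m:
            found.append((m["sent"], None))
    return found

def suggest_id(identity):
    """Render the identity as an id line; DNs contain commas and spaces, so quote them."""
    return f'id = "{identity}"' if classify(identity) == "distinguished name" else f"id = {identity}"

if __name__ == "__main__":
    for sent, configured in peer_identities(SAMPLE_LOG):
        print(f"peer sent {classify(sent)}: {sent!r} (configured: {configured!r})")
        print("  ", suggest_id(sent))
```

Only pin the suggested `id` after confirming that the certificate presenting it chains to the CA you trust for that peer.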