[strongSwan] leftcert, leftid override
Igmar Palsenberg
igmar at palsenberg.com
Mon Jun 10 16:53:41 CEST 2019
Hi,
I'm trying to connect to a remote IPsec GW, whose setup is based on
certificates.
The left cert is stored on a smartcard, the right cert is stored in FS.

Relevant snippets:
    leftsourceip=%config
    leftcert=%smartcard:aec59363da7ddf6e1a0c4794d8918b130cd179ff
    leftsendcert=always
    leftid="<redacted>"
    right=1.1.1.1
    rightsubnet=10.0.0.0/8
    rightcert=rightcert.pem
    rightid=1.1.1.1

1.1.1.1 is not part of the cert data in rightcert, so strongSwan rejects
it:

    4[CFG] id '1.1.1.1' not confirmed by certificate, defaulting to 'O=<redacted>, CN=<redacted>'

so connecting ends up in

    16[IKE] IDir '1.1.1.1' does not match to 'O=<redacted>, CN=<redacted>'

Is there a way to tell strongSwan to accept the IP the remote sends, even
if it's not in the certificate? I'm more than happy to settle for any
IPv4 address it sends.

Regards,
Igmar