[strongSwan] Problem using asymmetric keys against Cisco IOS
Tobias Brunner
tobias at strongswan.org
Thu Dec 10 10:11:44 CET 2020
Hi John,
> I want strongswan to see a key ID of CORS89.
>
> How do I do that?
Reading the linked document thoroughly might have helped. But after
seeing you struggling, I changed the documentation a bit so hopefully
it's clearer now.
> conn Test
> leftid=@#:CORS89
Why the :? And as documented, # is used for comments, so quoting is
necessary.
> conn Test
> leftid="@#:CORS89"
Quotes! But again the :? And as documented, @# expects a hex-encoded
value.
> conn Test
> leftid="#:CORS89"
No idea where you got that syntax from.
> conn Test
> leftid="=CORS89"
This results in KEY_ID because, again as documented, = triggers parsing
of a DN and since that fails, a fallback to KEY_ID (but the value
includes the =).
> conn Test
> leftid="CORS89"
That's what you originally had and that defaults to FQDN.
So to answer your initial question:
leftid=keyid:CORS89
Regards,
Tobias
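
The parsing rules named in the reply above, collected into a small checker. This is an added example, not part of the original message and not strongSwan's own parser: it is a simplified model of only the rules stated in the message, the names config_value, looks_like_dn, classify, hex_form and the KNOWN_RDNS subset are hypothetical, and IP addresses and other prefixes are not modelled.

```python
import re

# Assumption: a small subset of RDN type names, enough to model
# "DN parsing succeeds" versus "DN parsing fails".
KNOWN_RDNS = {"C", "O", "OU", "CN", "ST", "L", "E"}

def config_value(raw):
    """Value the config parser hands on: an unquoted '#' starts a comment."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1], False
    value = raw.split("#", 1)[0].rstrip()
    return value, value != raw

def looks_like_dn(value):
    """Every comma-separated part must be <known type>=<something>."""
    parts = [p.split("=", 1) for p in value.split(",")]
    return all(len(p) == 2 and p[0].strip().upper() in KNOWN_RDNS for p in parts)

def classify(raw):
    """Return (id_type, value) for the right-hand side of leftid=."""
    value, truncated = config_value(raw)
    if truncated:
        return ("TRUNCATED_BY_COMMENT", value)
    if value.startswith("keyid:"):
        return ("KEY_ID", value[len("keyid:"):])
    if value.startswith("@#"):
        hexpart = value[2:]  # @# expects a hex-encoded value
        if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", hexpart):
            return ("KEY_ID", bytes.fromhex(hexpart).decode("latin-1"))
        return ("INVALID_HEX", hexpart)
    if "=" in value:
        # '=' triggers DN parsing; on failure the whole string becomes a KEY_ID
        return ("DN", value) if looks_like_dn(value) else ("KEY_ID", value)
    if re.fullmatch(r"[A-Za-z0-9.-]+", value):
        return ("FQDN", value)  # plain name without prefix defaults to FQDN
    return ("NOT_COVERED", value)  # the message states no rule for this form

def hex_form(key_id):
    """Quoted @# spelling carrying the same bytes as keyid:<key_id>."""
    return '"@#' + key_id.encode("ascii").hex() + '"'

if __name__ == "__main__":
    # The leftid values tried in the thread, plus the two working spellings.
    for rhs in ['@#:CORS89', '"@#:CORS89"', '"#:CORS89"', '"=CORS89"',
                '"CORS89"', 'keyid:CORS89', hex_form("CORS89")]:
        print(f"leftid={rhs:<20} -> {classify(rhs)}")
```

Only keyid:CORS89 and the quoted hex spelling produced by hex_form come out as a KEY_ID whose value is exactly CORS89.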