[strongSwan] defining a connection profile using DNS name in the cert's alt subject name cert field

FINLEY, DAVID BRIAN df1672 at att.com
Wed May 5 20:13:19 CEST 2021


Hello,

I have ipsec clients using strongswan that are connecting to a strongswan server and want to set up connection profiles based on info in the subject Alt name string in each client's certificate. The subject Alt name in the client cert looks like this:

X509v3 Subject Alternative Name:
                DNS:zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org

I've tried every variation I can think of using the "id = " parm in swanctl.conf on the server and I cannot seem to get the strongswan server to recognize/match on the subject Alt name in the client's cert. I've tried values including:

id = DNS: zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
id = zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
id = FQDN: zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
id = @ zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
and others...

Any suggestions?
Thx in advance.

Dave Finley
df1672 at att.com
(630) 719-4391  (desk)
(630) 740-5198  (mobile)
