[strongSwan] defining a connection profile using DNS name in the cert's alt subject name cert field

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Wed May 5 21:00:25 CEST 2021


Hi,

Please show your whole config and complete logs.

Kind regards
Noel

On 05.05.21 at 20:13, FINLEY, DAVID BRIAN wrote:
> Hello,
> 
> I have ipsec clients using strongswan that are connecting to a strongswan server and want to set up connection profiles based on info in the subject Alt name string in each client's certificate. The subject Alt name in the client cert looks like this:
> 
> X509v3 Subject Alternative Name:
> 
>                 DNS:zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
> 
> I’ve tried every variation I can think of using the “id = “ parm in swanctl.conf on the server and I cannot seem to get the strongswan server to recognize/match on the subject Alt name in the client's cert. I’ve tried values including:
> 
> id = DNS: zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
> 
> id = zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
> 
> id = FQDN: zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
> 
> id = @ zakr3dsegw51.epc.mnc100.mcc313.3gppnetwork.org
> 
> and others…
> 
> Any suggestions?
> 
> Thx in advance.
> 
> Dave Finley
> 
> df1672 at att.com <mailto:df1672 at att.com>
> 
> (630) 719-4391  (desk)
> 
> (630) 740-5198  (mobile)
> 
