Peter,

> In the current implementation, what strongswan configuration parameter
> corresponds to what gets placed into the IDr?

As discussed, the IDr proposed as initiator is solely based on the rightid (or the subject of a rightcert) parameter.

> I suppose it's different from the right_id because the right_id is
> usually a URL ending with a ".org", while the APN is a plain text
> string name.

It's not a URL, it is an IKE identity. An IKE identity has a type and associated binary data. The binary data is type specific. The different types of identities known by IKE are defined in RFC 5996, section 3.5. Most common types are FQDN, E-Mail or ASN.1 Distinguished Names.

There is no "plain text" type of identity. To encode an APN, you'll have to choose one of the existing types; FQDN is probably just fine. Your spec definitely should say what to use here.

When configuring rightid in ipsec.conf, strongSwan determines the type of the identity automatically. When configuring an APN, it is probably handled as FQDN.

Regards
Martin
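
The identity layout described above (a type plus type-specific bytes, RFC 5996 section 3.5), as an added example that is not part of the original message and not strongSwan code: it encodes an APN-style string as ID_FQDN and decodes an ID payload body. The APN value `internet.example` and the function names are assumptions made for illustration.

```python
import struct

# ID Type values from RFC 5996 section 3.5
ID_TYPES = {
    1: "ID_IPV4_ADDR",
    2: "ID_FQDN",
    3: "ID_RFC822_ADDR",
    5: "ID_IPV6_ADDR",
    9: "ID_DER_ASN1_DN",
    10: "ID_DER_ASN1_GN",
    11: "ID_KEY_ID",
}
ID_IPV4_ADDR, ID_FQDN, ID_IPV6_ADDR = 1, 2, 5


def encode_id_body(id_type: int, data: bytes) -> bytes:
    """ID payload body: 1-byte ID Type, 3 RESERVED bytes sent as zero, then data."""
    if id_type not in ID_TYPES:
        raise ValueError(f"unknown ID type {id_type}")
    return struct.pack("!B3x", id_type) + data


def decode_id_body(body: bytes):
    """Return (type name, value). RESERVED bytes are ignored on receipt."""
    if len(body) < 4:
        raise ValueError("ID payload body shorter than its 4-byte header")
    id_type, data = body[0], body[4:]
    name = ID_TYPES.get(id_type)
    if name is None:
        raise ValueError(f"unknown ID type {id_type}")
    if id_type == ID_FQDN:
        # ID_FQDN is ASCII and must not carry terminators such as NUL or CR.
        if any(b < 0x21 or b > 0x7E for b in data):
            raise ValueError("ID_FQDN contains a terminator or non-ASCII byte")
        return name, data.decode("ascii")
    if id_type == ID_IPV4_ADDR and len(data) != 4:
        raise ValueError("ID_IPV4_ADDR must be 4 octets")
    if id_type == ID_IPV6_ADDR and len(data) != 16:
        raise ValueError("ID_IPV6_ADDR must be 16 octets")
    return name, data


if __name__ == "__main__":
    apn = b"internet.example"  # constructed sample APN, carried as ID_FQDN
    body = encode_id_body(ID_FQDN, apn)
    print(body.hex(), decode_id_body(body))
```

Two peers match an identity only when both the type and the bytes agree, which is why the spec has to fix the type used for the APN.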
