On Thu, 29 Sep 2016, Sergey Mihailov wrote:
Sorry, I can incorrectly written, but I have a couple of questions on
documentation
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH_with_Certificates
1.
...
leftcert=vpn.example.com
[email protected]
...
Example create its server certificate ?
There are various tools you can use to generate certificates. openssl,
or nss's certutil, or xca or tinyCA2, etc etc.
You can find the example code we use to generate our test certficates
herE:
https://github.com/libreswan/libreswan/blob/master/testing/x509/dist_certs.py
2.
...
right=%any
rightid=%fromcert
rightrsasigkey=%cert
...
line rightrsasigkey=%cert exclude line rightid=%fromcert ?
You should be able to omit the rightrsasigkey= line if you are using
leftcert= already.
P.S. libreswan support EAP ? Please example config its ...
Unfortunately, no. all EAP code is openssl/wpa_supplicant based,
and libreswan uses NSS. So we have not yet written all the code
needed for EAP support.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
