On Tue, 28 Nov 2017, Computerisms Corporation wrote:
> I think we are good to wait a bit till you can get it pushed out...
You can grab 3.23rc1 now, which contains the code for this: download.libreswan.org/development/
> And just to say this back to you to make sure that I understand: I would set up two firewall certs and import them into NSS, and set up a conn for each with matching leftids; then have two DNS entries matching each cert name/leftid, and configure the clients to connect via their respective DNS entries? Or is there another way to make Windows connect to the correct conn based on leftid?
Yes, see this test case:

https://github.com/libreswan/libreswan/tree/master/testing/pluto/ikev2-x509-18-multicert-rightid

In east.conf, you see it has two conns with different cert/ids. In west.conf, you see it is connecting to one of them. If you run the test, it shows that east is "switching" from guessing the wrong one first to the right one.

Paul
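
The two-conn layout discussed in this thread, sketched as an added example; it is not part of the original messages and is not the east.conf from the linked test case. The conn names, NSS nicknames, DNS names and address pools are placeholders assumed for illustration.

```conf
# /etc/ipsec.d/multicert.conf -- constructed example, all names are placeholders.
# Both server certificates are assumed to be imported into the NSS database
# already, under the nicknames used in leftcert= below.

conn vpn-a
    left=%defaultroute
    leftcert=vpn-a-cert                 # NSS nickname of the first server certificate
    leftid=@vpn-a.example.com           # should be a subjectAltName of that certificate
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%fromcert                   # take the client ID from its certificate
    rightca=%same                       # client cert must chain to the same CA
    rightaddresspool=192.0.2.10-192.0.2.100
    authby=rsasig
    ikev2=insist
    auto=add

conn vpn-b
    left=%defaultroute
    leftcert=vpn-b-cert                 # second certificate, different nickname
    leftid=@vpn-b.example.com           # different ID, so pluto can tell the conns apart
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%fromcert
    rightca=%same
    rightaddresspool=198.51.100.10-198.51.100.100
    authby=rsasig
    ikev2=insist
    auto=add

# DNS: vpn-a.example.com and vpn-b.example.com both resolve to this gateway.
# Each client group is configured with the server name matching its conn.
```

Because both conns share the same local address and `right=%any`, the gateway may pick the wrong conn for the first IKE exchange and then switch once the IDs are known, which is the behaviour the test case above demonstrates.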
