Hello, I just upgraded from Libreswan 3.20 to 3.23, and the connection I was using was broken. I’m seeing these messages in the logs:

"tunnel3" #396: certificate verified OK: CN=abcd,OU=CM,O="Foo Inc.",L=Seattle,ST=WA,C=US
"tunnel3" #396: certificate does not contain subjectAltName=client
"tunnel3" #396: Peer public key SubjectAltName does not match peer ID for this connection

I’ve been using leftid=@client in my configuration files to match incoming connections. This cannot be changed, as I need some way for a server-like machine to determine which incoming IPsec offering goes with which configuration. The mechanism I’m using to generate certificates doesn’t provide an option for SubjectAltName.

Is there anything I can do, while I figure out a longer term plan, to rectify this situation? Otherwise I’ll have to downgrade my Libreswan distribution or look into a different IPsec offering.

-- cm
