Re: keys only auth

I'm following this guide:

https://libreswan.org/wiki/Host_to_host_VPN

Which is under:

https://libreswan.org/wiki/Configuration_examples

As you can see it uses NSS for key generation and storage.

I actually got RSA key auth to work with StrongSwan, but it seems less stable 
than Libre (was dropping connections and slow to re-establish).

Yes, I know the syntax for adding alt subject names, thanks. The problem is 
Mikrotik wants something specific there (from server cert) and I can't figure 
out what; it seems undocumented. Some people say it wants an email address (any 
email address) but that didn't work.

Anyway, to keep from straying too far...

...has anyone used RSA key *only* auth with Libre where the other side was a 
different system (not Libre)? How did you manage your keys?

Any suggestions on key management?

-- 
Kostya Vasilyev
[email protected]

On Wed, Jan 23, 2019, at 5:41 PM, Derek Cameron wrote:
> Yes, my use case included both the certificate and the private key for
> the client. I have never heard of authentication with only a key and
> no certificate, except in the case of a preshared key (PSK). I added
> the subjectAltName to the client certificate with the -8 switch. e.g.
> 
> certutil -S -c "ExampleCA" -n "client1.example.com" -s
> "O=Example,CN=client1.example.com" -k rsa -v 12 -d sql:test -t ",," -1
> -6 -8 "client1.example.com"
> 
> On Wed, Jan 23, 2019 at 6:27 AM Kostya Vasilyev <[email protected]> wrote:
> >
> > Were you exporting keys that are part of some certificates?
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
