There is a known issue involving RDN wildcard matching: https://github.com/libreswan/libreswan/issues/335
-Kavinda

> -----Original Message-----
> From: Swan <[email protected]> On Behalf Of Manfred
> Sent: Friday, February 12, 2021 11:29 AM
> To: [email protected]
> Subject: EXTERNAL: [Swan] Wildcards in rightid DistinguishedName
>
> Following the example in:
>
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2#ipsec.conf_for_IKEv2_Machine_Certificate_VPN_server
>
> where it says:
>
> > # optional rightid with restrictions
> > # rightid="C=CA, L=Toronto, O=Libreswan Project, OU=*, CN=*, E=*"
>
> I see that wildcards are allowed, but using "... CN=*.example.com" fails to
> match "... CN=test.example.com"
>
> As far as I can see only rightid="... CN=test.example.com" or
> rightid="... CN=*" may be used to match this DNS name.
>
> Is there any way to match partial wildcards for DN components?
>
> Thanks in advance for any clarification.
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
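The matching behaviour reported in this thread, as an added example that is not part of the original messages and not libreswan's code: a simplified model in which a value of exactly `*` accepts any value for that RDN, while a partial pattern such as `*.example.com` is compared literally. The function names, the RDN count and order check, and the constructed sample DN are assumptions.

```python
# Simplified model of whole-value RDN wildcard matching (illustration only).

def parse_dn(dn):
    """Split 'C=CA, O=Example, CN=host' into [(type, value), ...].
    Honours backslash-escaped commas; multi-valued RDNs ('+') are not handled."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def dn_matches(pattern, peer_dn):
    """True if peer_dn satisfies pattern. Only a value of exactly '*' is a
    wildcard; a value that merely contains '*' is compared as a literal."""
    want, have = parse_dn(pattern), parse_dn(peer_dn)
    if len(want) != len(have):          # assumed: same number of RDNs
        return False
    for (w_attr, w_val), (h_attr, h_val) in zip(want, have):
        if w_attr != h_attr:            # assumed: same attribute order
            return False
        if w_val != "*" and w_val != h_val:
            return False
    return True

# Constructed sample DN, modelled on the one quoted in the thread.
BASE = "C=CA, L=Toronto, O=Libreswan Project, "
PEER = BASE + "CN=test.example.com"

if __name__ == "__main__":
    for cn in ("CN=*", "CN=test.example.com", "CN=*.example.com"):
        print(f"{cn:24} -> {dn_matches(BASE + cn, PEER)}")
```

In this model `CN=*` accepts every CN, so any restriction on who may connect comes only from the remaining RDNs and the issuing CA.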
