Hi,

> Gateway address: 192.168.0.1
> Gateway certificate: cacert.pem

There is no option to configure the gateway identity on the client, as it should be as simple as possible to set up a connection. But for authentication with a CA certificate, the client MUST enforce a specified gateway identity; otherwise any certificate holder could act as your VPN gateway.

To solve this problem, the entered gateway address is also used as the gateway's identity if you configure a CA certificate. This is very similar to the way Windows 7 is doing it. If you configure the gateway certificate directly, the certificate's identity is used as gateway identity.

So if you want to distribute CA certificates to your clients, you'll have to configure your gateway identity with the identity your clients enter in the address field (IP or FQDN). Additionally, strongSwan on the gateway side requires that this identity is contained in your certificate as subjectAltName.

Regards
Martin
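
A check for the requirement described in the message above, added here as an example and not part of the original post or of strongSwan: it tests whether the address clients type in (IPv4 or FQDN) appears as a subjectAltName in the gateway certificate. The function names, the FQDN vpn.example.org and the sample SAN text are assumptions made for illustration; the comparison is an exact match of one SAN entry.

```sh
#!/bin/sh
# san_has_identity ID
# Reads the output of `openssl x509 -noout -ext subjectAltName` on stdin and
# succeeds only if ID is present as an exact IP (IPv4) or DNS SAN entry.
san_has_identity() {
    want=$1
    # Only digits and dots -> IPv4 literal, compare against "IP Address:"
    # entries; anything else is treated as an FQDN ("DNS:" entries).
    case $want in
        *[!0-9.]*|'') kind='DNS' ;;
        *)            kind='IP Address' ;;
    esac
    # Drop the header line, split to one SAN entry per line, trim blanks,
    # then require a whole-line, fixed-string, case-insensitive match.
    grep -v 'Subject Alternative Name' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -qixF "$kind:$want"
}

# check_gateway_cert CERT.pem ID
# Same check against a PEM file; `-ext` needs OpenSSL 1.1.1 or later.
# A certificate without any subjectAltName yields no output and fails.
check_gateway_cert() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        san_has_identity "$2"
}

# Constructed sample: SAN text of a gateway certificate issued for the
# address from the thread plus a hypothetical FQDN.
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:vpn.example.org, IP Address:192.168.0.1'

for id in 192.168.0.1 vpn.example.org 192.168.0.10; do
    if printf '%s\n' "$SAMPLE_SAN" | san_has_identity "$id"; then
        echo "$id: present as subjectAltName"
    else
        echo "$id: not in subjectAltName"
    fi
done
```

Against a real certificate, call `check_gateway_cert gateway.pem 192.168.0.1` with the exact string clients enter in the address field.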
