Hello Andreas,

Andreas Steffen wrote:
> You should select a Remote ID that is contained in the strongSwan
> certificate: Either the subject Distinguished Name or a hostname
> or email address defined as a subjectAltName. In principle you
> could also put an IP address into a subjectAltName but this is rarely
> used.

Thanks for the explanation! Just to make sure I'm on the right track (and rule out possible sources of error): If the subjectAltName = DNS:cray.home.ro, this would be "cray.home.ro", right?

Or, alternatively, I could use the DN of leftcert, which would be:

"C=DE, ST=BW, L=Stuttgart, O=LeRo, OU=IT Department, CN=vpn.home.ro"

(The strongswan log confirms this upon startup:

<snip>
added configuration 'roadwarrior': %any[C=DE, ST=BW, L=Stuttgart, O=LeRo, OU=IT Department, CN=vpn.home.ro]...%any[%any]
</snip>)

where the certificate of the gateway was generated using these instructions:

<snip>
Country Name (2 letter code) [DE]:
State or Province Name (full name) [BW]:
Locality Name (eg, city) [Stuttgart]:
Organization Name (eg, company) [LeRo]:
Organizational Unit Name (eg, section) [IT Department]:
Common Name (eg, YOUR name) []: vpn.home.ro
</snip>

Is that correct?

And, one final question: if using the subjectAltName or the Subject DN, what kind of "Remote ID type" would that be on the client side? "RCF_822_NAME" or "FQDN"?

Cheers,
Robert
