Hi Ashish, in ipsec.conf set
plutodebug="control parsing raw" and send me the resulting log after you tried to set up the connection. Regards Andreas ashish mahalka wrote: > Thanks Andreas for this. > > I tried using just CN=AXC/ROOT/#12345 > but this doesnt work. I got a error from strongswan saying INVALID_ID. > > I am not sure what is the mistake here. > > Thanks > Ashish. > > On Thu, Dec 24, 2009 at 2:12 PM, Andreas Steffen > <[email protected] <mailto:[email protected]>> > wrote: > > Hello Ashish, > > you must write a subject DN in the exact order of its RDNs how they > are stored in the certificate. I suspect in your case this order is > > "DC=axcroot009, OU=root, CN=root axc abc def" > > Regards > > Andreas > > ashish mahalka wrote: > > Hi, > > > > I would like to know what are the various ways in which I can give the > > subject name of the certificate so that when I specify this in the > > rightid in ipsec.conf, strongswan does not give any problem. > > > > When I specified the subject name as below in my certificate: > > "CN=root axc abc def, OU=root, DC=axcroot009" > > > > strongswan was not able to locate its peer with the above id. Do you > > think it is problem related to the way subject name is given or > there is > > some other problem. > > > > The certificates are being generated through some application and > there > > is no option in it to specify the subjectAltName. I can only give the > > subject name. > > > > Regards > > Ashish ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
