Hi Daniel,

Yes, you are correct. I know the remote IP address but don't know the DN of the remote peer. If I remember correctly, when using DN wildcards, I was getting an error which said "cannot initiate connection with wildcards". I am using strongswan 4.3.4.

Can you tell me what version of strongswan you are using? Also, would it be possible to establish the connection if we specify rightid="/CN=*/", though the DN of the peer contains all the values (I mean C, ST, O, ...)? If possible, can you please test on your setup whether specifying rightid="C=*, ST=*, O=*, OU=*, CN=*, E=*" like this establishes the connection?

Thanks in advance!

regards,
Ashish.

On 1/19/10, Daniel Mentz <[email protected]> wrote:
> Hi Ashish,
>
> here are my test results:
>
> You can't use right=1.2.3.4 and right=%any at the same time i.e. you
> can't specify an IP address for the remote end and use %any for the ID.
>
> However, DN wildcards appear to work ok. I just spotted a typo in your
> original mail:
>
> rightid="C*, ST=*, O=*, OU=*, CN=*, E=*"
>
> You're missing a character there. It should be:
>
> rightid="C=*, ST=*, O=*, OU=*, CN=*, E=*"
>
>
> I successfully tested it with a simpler pattern:
>
> rightid="/CN=*/"
>
> I should mention, though, that the certificate I'm using only has a
> Common Name (CN), no other RDNs.
>
> What I can read from your config files is that you do know the remote IP
> address but you do not know the DN of the peer. Is that correct?
>
> -Daniel
>
