> Now to the problem:
>
>> no matching config found for
>> 'C=ES, O=VPN Test, OU=Test, CN=vpn-gateway.vpntest.org,
>> [email protected]'...
>> 'C=ES, O=VPN Test, OU=Test, CN=usuario-ikev2'
>
> But your config is:
>
>> rightid="C=ES, O=VPN Test, OU=Test, CN=vpn-gateway.vpntest.org,
>> [email protected]"
>> rightid="C=ES, O=VPN Test, OU=Test, CN=roadwarrior"
>
> The client identity doesn't match.
Sorry, assume they match. "usuario-ikev2" is the real user I'm using,
and I substituted it with "roadwarrior" in my email but obviously
forgot to do so in every instance. The problem is not there.
> Double check that the client uses the
> same identity that the server expects. This identity must be contained
> in the clients certificate (either as DN or as subjectAltName). You can
> also use wildcard matching ("C=ES, O=VPN Test, OU=Test, CN=*") for
> multiple clients, or even accept any client with a cert under that ca
> (rightid=%any).
>
I don't understand this. As for wildcard or rightid=%any, that is not
viable because the configuration MUST be unique for each user, so it
can assign their fixed IPs...so what might the problem be? Maybe the
roadwarrior is presenting the subjectAltName?
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
