Hi Peter, > I'm trying to get smartcard support to work with the NetworkManager
> something seems to be missconfigured. > found key on PKCS#11 token 'openSC':1 > using smartcard certificate '[email protected]' > initiating IKE_SA Mobile Pools Crypto Stick[1] to 10.1.0.2 The NetworkManager plugin currently has no option to specify the client identity, it just picks one from the first certificate usable (see [1] for details). As I usually prefer subjectAltNames over complicated Distinguished Names, it picks the first E-Mail subjectAltName as identity. We could add an option to select a specific subjectAltName (or the DN), but this requires some amount of work. > looking for peer configs matching > 10.1.0.2[C=DE, O=MoPo WLAN Test, CN=vpn-mopo.vpn.test.de]... > 10.206.3.148[[email protected]] > no matching peer config found > conn rw2-intern > rightid="C=DE, O=MoPo WLAN Test, CN=*" This config won't match, it uses the full DN. > conn mopo-sc-intern > [email protected] Have you tried "*[email protected]"? Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
