Hi,

> leftid=@localhost
> rightid=@localhost

These identities don't make much sense. When using certificate authentication, the peer identities must be contained in the certificate, either as subject or as subjectAltName.

> 08[CFG] id 'localhost' not confirmed by certificate, defaulting to
> 'C=SG, ST=CA, O=DemoCA, CN=localhost, [email protected]'

If the ID is not found in the certificate, the identity gets enforced.

> 10[CFG] looking for peer configs matching
> 192.167.21.2[localhost]...192.167.21.1[C=SG, ST=CA, O=DemoCA,
> CN=localhost, [email protected]]

The identities won't match to your configuration. Try to use sane peer identities in your config, either subject DNs or subjectAltNames from your certificates.

Regards
Martin
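The identity handling described in this message, as an added example that is not part of the original post and is not strongSwan code: a simplified Python model of the "not confirmed by certificate, defaulting to" fallback and the peer config lookup that follows. The certificate contents, the `gw-a.example.org` name and all function names are constructed for illustration; matching is exact string comparison only (no wildcards), and the e-mail RDN of the DN in the log is left out.

```python
# Simplified model of the behaviour in the log lines above (not strongSwan code).

def norm(ident):
    """Drop the leading '@' (the log shows '@localhost' as 'localhost') and
    normalise case/spacing so DNs compare as plain strings (a simplification)."""
    ident = ident.strip().lstrip("@")
    return ",".join(part.strip().lower() for part in ident.split(","))

def effective_id(configured, cert):
    """Return (id_sent, confirmed). An ID found neither in the subject nor in
    a subjectAltName is replaced by the subject DN ('defaulting to ...')."""
    known = {norm(cert["subject"])} | {norm(s) for s in cert["san"]}
    if norm(configured) in known:
        return configured.lstrip("@"), True
    return cert["subject"], False

def peer_accepts(rightid, id_sent):
    """The other end finds a peer config only if its rightid equals the ID sent."""
    return norm(rightid) == norm(id_sent)

def check(leftid, peer_rightid, cert):
    """Run both steps for one side's leftid and the other side's rightid."""
    id_sent, confirmed = effective_id(leftid, cert)
    return {"id_sent": id_sent, "confirmed": confirmed,
            "peer_config_found": peer_accepts(peer_rightid, id_sent)}

# Constructed sample certificates (only the fields the check needs).
CERT_NO_SAN = {"subject": "C=SG, ST=CA, O=DemoCA, CN=localhost", "san": []}
CERT_WITH_SAN = {"subject": "C=SG, ST=CA, O=DemoCA, CN=gw-a",
                 "san": ["gw-a.example.org"]}

if __name__ == "__main__":
    # The configuration from the thread: the ID is in neither subject nor SAN.
    print(check("@localhost", "@localhost", CERT_NO_SAN))
    # Fix 1: use the certificate's subject DN as the identity on both ends.
    print(check(CERT_NO_SAN["subject"], CERT_NO_SAN["subject"], CERT_NO_SAN))
    # Fix 2: use a name that the certificate carries as subjectAltName.
    print(check("@gw-a.example.org", "@gw-a.example.org", CERT_WITH_SAN))
```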
