Hi, > leftid=snowmane > rightid=client
IKE identities must be contained in the certificate used for authentication, either as subject DN or as subjectAltName. > 11[CFG] id 'snowmane' not confirmed by certificate, defaulting to > 'C=US, O=snowmane, CN=snowmane.mydomain.edu' > 11[CFG] id 'client' not confirmed by certificate, defaulting to > 'C=US, O=snowmane, CN=client' The configured identities are not, hence they get replaced by the certificate subject DN. > 02[CFG] <1> looking for XAuthInitRSA peer configs matching > <snowmane.mydomain.edu-ip-address>...<clients-ipv4-address>[C=US, > O=strongSwan, CN=client] Your client uses "C=US, O=strongSwan, CN=client" as identity. This does not match to your "C=US, O=snowmane, CN=client" configuration in place, hence the configuration does not match. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
