Hi Justin,

> ==== SERVER ipsec.conf ====
> [...]
> leftcert=cert.pem
> leftid=%any

In strongswan, it is required that you define a leftid that is contained in your certificate, either as subject or as subjectAltName. This is certainly not the case for %any, hence the daemon overrides leftid with the certificate subject (see startup log).

> ==== CLIENT ipsec.conf ====
> [...]
> right=msi-strongswan.simorg.msi

Your client however doesn't define a rightid, defaulting to right, which is the IP for msi-strongswan.simorg.msi.

To fix the issue, use a leftid on the server that is contained in the certificate. On the client, configure the same as rightid. Alternatively you can define rightid=%any on the client, but this implies that your connection can be authenticated by any responder that has a valid certificate under your CA.

Best regards
Martin
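The fix described in the reply above, as an added example configuration that is not part of the original message. It assumes the server certificate carries msi-strongswan.simorg.msi as a subjectAltName (the thread does not show the certificate), and the conn names are hypothetical.

```conf
# Constructed example, not the poster's real files. Assumes cert.pem lists
# msi-strongswan.simorg.msi as a subjectAltName; check what it contains with:
#   openssl x509 -in cert.pem -noout -subject -ext subjectAltName

# ==== SERVER ipsec.conf ====
# Before: leftid=%any is not contained in the certificate, so the daemon
# overrides it with the certificate subject.
# After: an identity that is contained in the certificate
# (the full subject DN would work as well).
conn server-example
    leftcert=cert.pem
    leftid=@msi-strongswan.simorg.msi

# ==== CLIENT ipsec.conf ====
# Before: no rightid, so it defaults to right (the resolved IP address),
# which does not match the identity the server presents.
# After: the same identity as the server's leftid.
conn client-example
    right=msi-strongswan.simorg.msi
    rightid=@msi-strongswan.simorg.msi

# Alternative on the client: rightid=%any also connects, but then any
# responder holding a valid certificate under your CA is accepted.
```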
