Hi,

This issue got solved by having subjectAltName = email: [email protected]' in the certificate. Earlier it was subjectAltName = DNS:[email protected]'... It is rightly said by strongswan that it is not a valid DN.

Regards,
Sriram

On Thu, Aug 14, 2014 at 8:38 PM, Sriram <[email protected]> wrote:
> Hello,
>
> I am trying to establish ipsec tunnel using certificate authentication. I
> am using strongswan 5.1.1 on both the peers.
>
> I have configured leftid parameter in ipsec.conf to be
>
> leftid = <subject Altname from certificate>
>
> Here subject Altname is the FQDN.
>
> On both the peers I have configured left id as above.
>
> IKE_AUTH happens and tunnel gets established. However in IDi payload,
> Subject Altname is not going, instead Full Subject name is exchanged.
>
> Can you please let me know the reason behind this? In between I saw the
> below log,
>
> 2014-08-14T13:12:29+00:00 (none) charon: 05[CFG] id '[email protected]' not confirmed by certificate, defaulting to 'C=IN, ST=KAR, L=BLR, O=ABC,OU=Networking, CN=123456789ABC..
>
> How to overcome this situation?
>
> Regards,
> Sriram
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
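The check behind the "not confirmed by certificate" log line in this thread, as a simplified Python model added here (not strongSwan's code and not part of the original messages): a `leftid` of the form `user@host` is treated as an e-mail (RFC822) identity, so only a subjectAltName of that same type confirms it, and otherwise the subject DN is sent. The function names, the plain string comparison of DNs, and all sample values are assumptions constructed for illustration; key-ID and other special forms are not modelled.

```python
import ipaddress

# OpenSSL subjectAltName prefixes mapped to the identity type they produce
SAN_TYPES = {"DNS": "FQDN", "email": "RFC822"}

def classify_id(value):
    """Identity type a leftid string is interpreted as (simplified model)."""
    if "=" in value:
        return "DN"
    if "@" in value:
        # A leading '@' forces FQDN; user@host is an e-mail address.
        return "FQDN" if value.startswith("@") else "RFC822"
    try:
        return "IPV4" if ipaddress.ip_address(value).version == 4 else "IPV6"
    except ValueError:
        return "FQDN"

def parse_san(san):
    """Turn 'DNS:a, email:b' into [(type, value), ...]."""
    entries = []
    for item in san.split(","):
        kind, _, val = item.strip().partition(":")
        kind = kind.strip()
        entries.append((SAN_TYPES.get(kind, kind), val.strip()))
    return entries

def effective_id(leftid, subject_dn, san):
    """Return the identity that ends up in the ID payload."""
    id_type = classify_id(leftid)
    value = leftid.lstrip("@") if id_type == "FQDN" else leftid
    if id_type == "DN" and leftid == subject_dn:
        return leftid
    # The SAN must match in both type and value to confirm the identity.
    if (id_type, value) in parse_san(san):
        return leftid
    return subject_dn  # "not confirmed by certificate, defaulting to ..."

# Constructed sample values, not taken from the thread
SUBJECT = "C=XX, O=Example, CN=device1"
LEFTID = "device1@vpn.example.com"

if __name__ == "__main__":
    for san in ("DNS:" + LEFTID, "email:" + LEFTID):
        print(san, "->", effective_id(LEFTID, SUBJECT, san))
```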
