Hello,

I'm trying to use the PKCS#12 format to store the cert, CA cert and keys. I managed to get a configuration which is working fine, but I would like more details in order to improve it.
Here is my ipsec.conf:

config setup

conn %default
        dpddelay=30
        keyingtries=5
        rekeymargin=120
        dpdtimeout=120
        keyexchange=ikev1
        keylife=1h
        ikelifetime=6h
        authby=rsasig

conn Test
        right=X.X.X.X
        rightsubnet=172.16.1.0/24
        rightid=%any
        leftid=jacques.moni...@gmail.com
        left=%defaultroute
        leftsubnet=172.16.0.3/32
        leftsendcert=always
        auto=route
        type=tunnel
        ike=aes256-sha2_256-modp1536
        esp=aes256-sha2_256-modp1024

ipsec.secrets:

: P12 Test.p12 "test"

I managed to open a tunnel by using the certificate's altName for leftid, but I would like to use the subject or the file path. So here are my two questions:

1) I know I can use leftid=subject in order to use the certificate loaded from the P12 file, but my cert subject has accents and strongSwan doesn't seem to find the certificate when the subject has an accent.

For example, my certificate subject is:

C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E= jacques.moni...@gmail.com

but when I do ipsec listall I have:

C=FR, ST=R?gion Parisienne, L=Paris, OU=Org, CN=1.Org, E= jacques.moni...@gmail.com

If I specify leftid="C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, E=jacques.moni...@gmail.com", I can see in the logs:

"no private key found for 'C=FR, ST=R??gion Parisienne, L=Paris, OU=Org, CN=1.Org, E=jacques.moni...@gmail.com'"

How am I supposed to deal with it?

2) I would rather specify which p12 the connection has to use. Is there any way to specify in each connection configuration which p12 file is supposed to be used?

Thanks for helping