Hi, > 1) [...] > For example my certificate subjet is : > C=FR, ST=Région Parisienne, L=Paris, OU=Org, CN=1.Org, > [email protected] > but when I do ipsec listall I have : > C=FR, ST=R?gion Parisienne, L=Paris, OU=Org, CN=1.Org, > [email protected]
Converting Distinguished Names to strings is very conservative in strongSwan, anything non-ASCII gets replaced by '?'. However, actually comparing distinguished names is more flexible, as it is not done on that converted string, but the ASN.1 encoding. Specifying leftid correctly probably depends on your ipsec.conf encoding and your locale. > 2) I would rather specify which p12 the connection has to use. > Is there any way to specify in each connection configuration which p12 file > is supposed to be use ? No, not for PKCS#12. You can enforce a plain certificate to use using leftcert, and leftid gets replaced by the cert subject if it is not contained in the cert as subjectAltName. But this requires that you extract your PKCS#12 container and configure the certificates and keys separately, as leftcert does not take containers. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
