> This indicates that the ID you configured in your ipsec.conf > does not match the one from the cert. You can see it both ways: > distinguished name misconfigured, or ipsec.conf's leftid wrong. > However, it's much easier to reconfigure the leftid in your > psec.conf. See the section about leftid/rightid in [1] for > how to configure your local/remote IDs. > The error below has most likely the same origin: charon is > looking for a peer configuration using the rightid you > (mis)configured while your peer's certificate is in another > name. Again, try to reconfigure your IDs using [1].
I don't understand. From what I showed, where is the discrepancy? The cert shows the same domain. I don't get the "not confirmed by certificate" message if I use "C=NL, O=Example Company, CN=vpn.example.com" for leftid in ipsec.conf but I do if I use "vpn.example.com". Isn't it supposed to work either way?
