[strongSwan] leftID and rightID

2011-09-25 Thread nima chavooshi
Hi, I have set up strongswan and I could establish a secure connection with 2 nodes without any problem. My connection config is: conn net-net left=30.0.2.2 leftcert=peer1.crt leftsubnet=0.0.0.0/0 rightsubnet=30.0.2.0/24 right=30.0.2.1 leftid=C=US, ST=City, L=Teh,

Re: [strongSwan] leftID and rightID

2011-09-25 Thread Andreas Steffen
Hello, left|rightid *must* be either the subject distinguished name or a subjectAltName extension contained in the certificate. If you don't define leftid or if leftid is not defined in the certificate then automatically the subject DN is assumed as a default. As a responder you can define

[strongSwan] Authentication method in StrongSwan

2011-09-25 Thread nima chavooshi
Hi. Before any question, I thank anybody who contributes on this mailing list, and special thanks to StrongSwan's developers. What authentication methods can I use to establish a net-to-net secure connection in StrongSwan? Thanks in advance

[strongSwan] leftID and rightID

2011-09-25 Thread nima chavooshi
Hi, thanks a lot for your quick reply. Excuse me for my dummy question. I am somewhat confused. Could you give me more explanation about the subject distinguished name, subjectAltName, and subject DN fields of an X509 certificate? According to what you said, I should define leftid at least, is that true? Thanks in

[strongSwan] diffie hellman or RSA

2011-09-25 Thread nima chavooshi
Hi, in some documents I have read about Diffie-Hellman and RSA. According to those documents the usage of Diffie-Hellman and RSA is equal; in fact, those methods are used for key exchange, but only one method must be selected. In StrongSwan, I have to set both RSA and Diffie-Hellman in ike or esp values.

[strongSwan] Different Crypto library

2011-09-25 Thread nima chavooshi
Hi, I have found some details on different crypto libraries on this page: http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites On this page there is some explanation about supported crypto libraries as below: x default built-in crypto library o OpenSSL crypto library g Gcrypt crypto

Re: [strongSwan] leftID and rightID

2011-09-25 Thread Andreas Steffen
The subject distinguished name or subject DN of an X.509 certificate consists of several Relative Distinguished Names (RDNs) and therefore can be quite tiresome to write as in C=DE, ST=Mecklenburg-Vorpommern, L=Rostock, O=Finanzamt, OU=Zentrale Informations- und Annahmestelle,

Re: [strongSwan] diffie hellman or RSA

2011-09-25 Thread Andreas Steffen
strongSwan exclusively uses Diffie-Hellman for key exchange. There is an RSA encryption variant for IKEv1, but it is rarely used at all. Regards Andreas On 09/25/2011 03:26 PM, nima chavooshi wrote: Hi, in some documents I have read about Diffie-Hellman and RSA. According to those documents

Re: [strongSwan] Authentication method in StrongSwan

2011-09-25 Thread Andreas Steffen
RTFM - Read The Fine Manuals! Andreas On 09/25/2011 02:57 PM, nima chavooshi wrote: Hi. Before any question, I thank anybody who contributes on this mailing list, and special thanks to StrongSwan's developers. What authentication methods can I use to establish a net-to-net secure