Thanks for this data.

First of all, the DN

C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com

does NOT match

C=AU, O=Mincom Pty. Ltd., CN=ishan

If you want to use wildcards, then you have to specify them explicitly. 
Otherwise you have to name all RDNs explicitly. Let's take a look at 
ipsec.conf at sun (=abhishek):

conn host-host
           left=192.168.3.3
           leftcert=abhishekCert.pem
           leftid="C=AU, O=Mincom Pty. Ltd., CN=ishan"
           right=192.168.3.4
           rightid="C=AU, O=Mincom Pty. Ltd., CN=abhishek"
           auto=add


Which side is local and which is remote? I guess that right is local 
because the local IP address of eth0 is 192.168.3.4. You need to specify 
the local certificate with rightcert= in this case. Talking about the 
left side: You set leftid to ishan and the leftcert to abhishek. This is 
inconsistent. Also, you don't need to set leftcert= at all, because 
abhishek gets the certificate of ishan during negotiation via IKEv2.

Try this:

conn host-host
           left=192.168.3.3 # remote
           leftid="C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, e=ishansharm...@gmail.com"
           right=192.168.3.4 # local
           rightcert=abhishekCert.pem # local
           auto=add

Regards,
Daniel
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
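
The matching rule described in the message above (every RDN named, or an explicit wildcard in its place), as an added example that is not part of the original message and is not strongSwan's own code. It is a simplified model: `parse_dn`, `match_dn` and the wildcard ID are constructed for illustration, values are compared exactly, and DNs are assumed to contain no escaped commas.

```python
# Simplified model of RDN-by-RDN DN matching with explicit "*" wildcards.
# Added illustration, not strongSwan source. Assumes no escaped commas in values.

def parse_dn(dn):
    """Split 'C=AU, O=Example' into an ordered list of (type, value) pairs."""
    rdns = []
    for part in dn.split(","):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((key.strip().upper(), value.strip()))
    return rdns

def match_dn(configured_id, cert_subject):
    """Return (matched, reason). A configured value of '*' matches any value,
    but the RDN itself must still be present, in the same position."""
    want, have = parse_dn(configured_id), parse_dn(cert_subject)
    if len(want) != len(have):
        return False, f"RDN count differs: id has {len(want)}, certificate has {len(have)}"
    for pos, ((wk, wv), (hk, hv)) in enumerate(zip(want, have), 1):
        if wk != hk:
            return False, f"RDN {pos}: type {wk} != {hk}"
        if wv != "*" and wv != hv:
            return False, f"RDN {pos}: {wk}={wv!r} != {hv!r}"
    return True, "match"

# Subject DN and short ID exactly as quoted in the message (e-mail elided there).
SUBJECT = ("C=AU, ST=QLD, O=Mincom Pty. Ltd., OU=rvce, CN=ishan, "
           "e=ishansharm...@gmail.com")
SHORT_ID = "C=AU, O=Mincom Pty. Ltd., CN=ishan"
# Constructed sample: same RDN sequence with explicit wildcards.
WILDCARD_ID = "C=AU, ST=*, O=Mincom Pty. Ltd., OU=*, CN=ishan, e=*"
# Constructed sample: right shape, wrong CN.
WRONG_CN_ID = "C=AU, ST=*, O=Mincom Pty. Ltd., OU=*, CN=abhishek, e=*"

if __name__ == "__main__":
    for label, ident in [("short", SHORT_ID), ("full", SUBJECT),
                         ("wildcard", WILDCARD_ID), ("wrong CN", WRONG_CN_ID)]:
        ok, reason = match_dn(ident, SUBJECT)
        print(f"{label:9} -> {'MATCH' if ok else 'NO MATCH'} ({reason})")
```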
