Martin, you beat me by a couple of minutes :-)

Cheers

Andreas

Martin Willi wrote:
> Hi,
> 
>> Gateway address: 192.168.0.1
>> Gateway certificate: cacert.pem
> 
> There is no option to configure the gateway identity on the client, as
> it should be as simple as possible to set up a connection. But for
> authentication with CA certificate, the client MUST enforce a specified
> gateway identity; otherwise any certificate holder could act as your
> VPN gateway.
> To solve this problem, the entered gateway address is also used as the
> gateway's identity if you configure a CA certificate. This is very
> similar to the way Windows 7 is doing it.
> If you configure the gateway certificate directly, the certificate's
> identity is used as gateway identity.
> 
> So if you want to distribute CA certificates to your clients, you'll
> have to configure your gateway identity with the identity your clients
> enter in the address field (IP or FQDN). Additionally, strongSwan on the
> gateway side requires that this identity is contained in your
> certificate as subjectAltName.
> 
> Regards
> Martin

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
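
An added illustration of the CA-certificate case discussed in this thread (not part of the original messages and not strongSwan code): a pre-deployment check that the address clients will type is present in the gateway certificate's subjectAltName list. The function names, the sample SAN lists and the strict separation of IP and DNS entry types are assumptions of this sketch.

```python
import ipaddress

def parse_identity(value):
    """Classify an identity string: ('ip', address object) or ('dns', lowercased name)."""
    value = value.strip()
    try:
        return "ip", ipaddress.ip_address(value)
    except ValueError:
        return "dns", value.rstrip(".").lower()

def san_contains(identity, san_entries):
    """True if `identity` appears in san_entries with the matching type.

    san_entries is a list of (type, value) pairs in the shape Python's
    ssl.getpeercert() uses for subjectAltName: ("DNS", name) or
    ("IP Address", addr). Assumption of this sketch: an IP identity only
    matches an IP entry and an FQDN identity only matches a DNS entry.
    """
    kind, wanted = parse_identity(identity)
    san_type = "IP Address" if kind == "ip" else "DNS"
    for entry_type, entry_value in san_entries:
        if entry_type != san_type:
            continue
        if parse_identity(entry_value) == (kind, wanted):
            return True
    return False

def check_client_setup(address_entered, gateway_san):
    """CA-certificate case: the address typed into the client doubles as
    the gateway identity the client will enforce."""
    if san_contains(address_entered, gateway_san):
        return "ok"
    return "mismatch: %r is not a subjectAltName of the gateway certificate" % address_entered

# Constructed sample data (not taken from a real certificate).
GATEWAY_SAN = [("DNS", "vpn.example.org"), ("IP Address", "192.168.0.1")]
FQDN_ONLY_SAN = [("DNS", "vpn.example.org")]

if __name__ == "__main__":
    for addr, san in [("192.168.0.1", GATEWAY_SAN),
                      ("192.168.0.1", FQDN_ONLY_SAN),
                      ("VPN.example.org", FQDN_ONLY_SAN)]:
        print(addr, "->", check_client_setup(addr, san))
```

The second case is the one to look for before distributing a CA certificate: clients that enter the IP address while the gateway certificate only carries the FQDN.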
