Hello,

left|rightid *must* be either the subject distinguished name or a subjectAltName extension contained in the certificate. If you don't define leftid or if leftid is not defined in the certificate then automatically the subject DN is assumed as a default.
As a responder you can define rightid=%any; in that case any peer with a trusted and non-revoked certificate will be accepted.

Regards

Andreas

On 09/25/2011 10:40 AM, nima chavooshi wrote:
> Hi
> I have set up strongswan and I could establish secure connection with 2
> nodes without any problem.
> My connection config is :
>
> conn net-net
>     left=30.0.2.2
>     leftcert=peer1.crt
>     leftsubnet=0.0.0.0/0
>     rightsubnet=30.0.2.0/24
>     right=30.0.2.1
>     leftid="C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"
>     rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
>     keyexchange=ikev2
>     type=tunnel
>     auth=ah
>     auto=add
>
> My concern about leftID and rightID options. I could not establish
> connection without them. Related values I derive from certificates. May
> give me more information about possible values that I can set for these
> parameters?
> If I do not want use leftid or rightid, what option do I set instead of
> them?
>
> Thanks in advance

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
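The identity options described in the reply above, written out as an added ipsec.conf example that is not part of the original thread. The conn names, the SAN value peer1.example.org and the CA DN are constructed placeholders; the three conns are alternatives, and the subnet and auth lines of the poster's conn are left out to keep the focus on the IDs.

```conf
# Added example, not from the original thread. Pick ONE variant.

# Variant 1: leftid omitted. The subject DN of leftcert is then
# assumed as the local identity, so no leftid line is needed.
conn net-net-default-id
    left=30.0.2.2
    leftcert=peer1.crt
    right=30.0.2.1
    rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
    keyexchange=ikev2
    type=tunnel
    auto=add

# Variant 2: leftid taken from a subjectAltName instead of the DN.
# Assumption: peer1.crt really contains the DNS subjectAltName
# peer1.example.org (constructed value). If it does not, the subject
# DN is used instead, and a peer expecting this name will not match.
conn net-net-san-id
    left=30.0.2.2
    leftcert=peer1.crt
    leftid=@peer1.example.org
    right=30.0.2.1
    rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
    keyexchange=ikev2
    type=tunnel
    auto=add

# Variant 3: responder that does not pin the peer identity.
# rightid=%any accepts every peer presenting a trusted, non-revoked
# certificate, so the set of trusted CAs becomes the access control.
# rightca narrows acceptance to certificates issued by one CA; the
# DN below is a constructed placeholder.
conn net-net-any-peer
    left=30.0.2.2
    leftcert=peer1.crt
    right=30.0.2.1
    rightid=%any
    rightca="C=US, O=Example VPN CA, CN=Example VPN Root"
    keyexchange=ikev2
    type=tunnel
    auto=add
```

With variant 3, revoking a certificate or removing a CA from the trust store is the only way to shut a peer out, so CRL or OCSP checking needs to be working before it is deployed.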