Hello,

left|rightid *must* be either the subject distinguished name or
a subjectAltName extension contained in the certificate. If you
don't define leftid or if leftid is not defined in the certificate
then automatically the subject DN is assumed as a default.

As a responder you can define rightid=%any, in that case any
peer with a trusted and non-revoked certificate will be accepted.

Regards

Andreas

On 09/25/2011 10:40 AM, nima chavooshi wrote:
> Hi
> I have setup strongswan and I could establish secure connection with 2
> nodes without any problem. 
> My connection config is :
> 
> conn net-net
>       left=30.0.2.2
>       leftcert=peer1.crt
>       leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
>       rightsubnet=30.0.2.0/24 <http://30.0.2.0/24>
>       right=30.0.2.1
>       leftid="C=US, ST=City, L=Teh, O=peer1, OU=peer1, CN=peer1"
>       rightid="C=US, ST=City, L=Teh, O=peer2, OU=peer2, CN=peer2"
>       keyexchange=ikev2
>       type=tunnel
>       auth=ah
>       auto=add
> 
> My concern about leftID and rightID options. I could not establish
> connection without them.related values I derive from certificates. May
> give me more information about possible values that I can set for these
> parameters?
> If I do not want use leftid or rightid, what option do I set instead of
> them?
> 
> Thank in advance 

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to