Hi,

> I've made its cert with --san quantum-equities.com,cygnus.darkmatter.org, 
> because the LAN gateway is known outside as quantum-equities.com and the 
> IPSec gateway is known in the LAN as cygnus.darkmatter.org.

That syntax is not valid.  Just use --san multiple times for each SAN
(as the man page for pki --issue indicates).

> I also tried to set --dn "C=US, O=Quantum, 
> CN=quantum-equities.com,cygnus.darkmatter.org" -- but strongswan pki wasn't 
> having it so I had to settle for just quantum-equities.com.

That's because commas separate RDNs (and `cygnus.darkmatter.org` is no
proper RDN) and strongSwan's DN string parser does not support
multi-value RDNs.

> # swanctl -L
> # swanctl -l
> (no response, for some reason)

Yes, and that reason is:  No config has been loaded.  Did you run
swanctl --load-conns (-c) or --load-all (-q)?

Regards,
Tobias
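
The repeated `--san` form described in the reply above, as an added example that is not part of the original message or the strongSwan project's own code. The file names (caCert.pem, caKey.pem, gwKey.pem, gwCert.pem) and the helper names `san_args` and `issue_gateway_cert` are assumptions, and the CA and gateway key are assumed to exist already.

```shell
#!/bin/sh
# Added example. File names (caCert.pem, caKey.pem, gwKey.pem, gwCert.pem)
# are assumptions; the CA and the gateway key are assumed to exist already.

# Expand "a,b,c" into one "--san"/name pair per line, because pki --issue
# takes the option once per subjectAltName and does not split on commas.
san_args() {
    printf '%s\n' "$1" | tr ',' '\n' | while read -r name; do
        # read strips surrounding blanks; skip empty fields ("a,,b")
        if [ -n "$name" ]; then
            printf '%s\n%s\n' --san "$name"
        fi
    done
}

# Issue the gateway certificate. The DN keeps a single CN; every other
# name the gateway is known by goes into a SAN.
issue_gateway_cert() {
    # shellcheck disable=SC2046  # word splitting of san_args is intended
    pki --pub --in gwKey.pem |
        pki --issue --cacert caCert.pem --cakey caKey.pem \
            --dn "C=US, O=Quantum, CN=quantum-equities.com" \
            $(san_args "$1") \
            --flag serverAuth --outform pem > gwCert.pem
    # Print the certificate to confirm both names appear as altNames
    pki --print --in gwCert.pem
}

# Only touches files when called with "issue" and pki is installed.
if [ "${1:-}" = "issue" ] && command -v pki >/dev/null 2>&1; then
    issue_gateway_cert "quantum-equities.com,cygnus.darkmatter.org"
fi
```

Invoke the script with the argument `issue` to generate the certificate. After installing it, load the configuration with `swanctl --load-all` so that `swanctl -L` has something to list.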
