Feature #2729

Does Swanctl provide the same option as Ipsec with the rightID using a %?

Added by Clement Chambault about 2 years ago. Updated about 2 years ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: swanctl
Target version: -
Start date: 24.08.2018
Due date:
Estimated time:
Resolution:

Description

With strongSwan IPsec, the option "%" was used to take the rightID from the certificates, but it does not seem to be supported on swanctl (maybe I missed it).

Is there a way to get the same functionality with swanctl?

Since 5.0.1 rightid for IKEv2 connections optionally takes a % as prefix in front of the identity.
If given it prevents the daemon from sending IDr in its IKE_AUTH request and will allow it to verify the configured identity against the subject and subjectAltNames contained in the responder's certificate (otherwise, it is only compared with the IDr returned by the responder). The IDr sent by the initiator might otherwise prevent the responder from finding a config if it has configured a different value for leftid.
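The rule quoted above, as an added Python model that is not part of the original issue and not strongSwan code. The `Responder` class, the function names, the identities and the certificate contents are all constructed for illustration, and identities are compared as plain strings.

```python
# Simplified model of the rightid "%" behaviour quoted above; not strongSwan code.
# All identities, certificate contents and names below are constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Responder:
    leftid: str                      # identity the responder is configured with
    cert_subject: str                # subject DN of its certificate
    cert_sans: list = field(default_factory=list)

    def ike_auth(self, idr_from_initiator: Optional[str]) -> Optional[str]:
        """Return the IDr the responder answers with, or None if no config matches."""
        if idr_from_initiator is not None and idr_from_initiator != self.leftid:
            return None              # the requested IDr selects no connection
        return self.leftid


def initiator_accepts(rightid: str, responder: Responder) -> bool:
    """Apply the rightid rule: a leading % changes what is sent and what is checked."""
    if rightid.startswith("%"):
        expected = rightid[1:]
        returned = responder.ike_auth(None)          # no IDr in the request
        if returned is None:
            return False
        # Configured identity is verified against subject and subjectAltNames.
        return expected == responder.cert_subject or expected in responder.cert_sans
    returned = responder.ike_auth(rightid)           # IDr sent in the request
    # Without %, the configured identity is only compared with the returned IDr.
    return returned is not None and returned == rightid


# Constructed gateway: leftid is the DN, the host name appears only as a SAN.
GATEWAY = Responder(
    leftid="C=CH, O=Example, CN=gw",
    cert_subject="C=CH, O=Example, CN=gw",
    cert_sans=["gw.example.org"],
)

if __name__ == "__main__":
    for rid in ("gw.example.org", "%gw.example.org", "%other.example.org"):
        print(f"rightid={rid!r:24} accepted={initiator_accepts(rid, GATEWAY)}")
```
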

History

#1 Updated by Tobias Brunner about 2 years ago

  • Status changed from New to Feedback

With strongSwan IPsec, the option "%" was used to take the rightID from the certificates, but it does not seem to be supported on swanctl (maybe I missed it).

Is there a way to get the same functionality with swanctl?

No, currently not.
