Feature #3422

Allow multiple local.id to be specified in a single connection?

Added by Glen Huang 6 months ago. Updated 6 months ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 23.04.2020
Due date:
Estimated time:
Resolution:

Description

I have a StrongSwan server that wants to accept clients that can send different IDr. Due to local.id not being a list, I currently have to create separate connections for each IDr value. I cannot leave local.id out to accept any kind of IDr, because I have a cacerts setting in remote that should match the corresponding IDr.

Is there any way I can merge local.id values and just specify a single connection?

Apart from wasting resources, having multiple connections makes some connection management very complicated.

History

#1 Updated by Tobias Brunner 6 months ago

  • Status changed from New to Feedback

> Is there any way I can merge local.id values and just specify a single connection?

Currently not.

> Apart from wasting resources, having multiple connections makes some connection management very complicated.

You can use section referencing or includes to simplify configuration if multiple configs differ only slightly.

#2 Updated by Glen Huang 6 months ago

> You can use section referencing or includes to simplify configuration if multiple configs differ only slightly.

Since it's in the swanctl doc and not in the vici protocol manual, am I correct to assume that it's only implemented as syntactic sugar in swanctl and not something that can be transferred on the wire?

#3 Updated by Tobias Brunner 6 months ago

> Since it's in the swanctl doc and not in the vici protocol manual, am I correct to assume that it's only implemented as syntactic sugar in swanctl and not something that can be transferred on the wire?

Yep.
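
The section referencing suggested in comment #1, sketched as a swanctl.conf fragment; this is an added example, not configuration posted by anyone in the thread. All section names, identities, addresses and file names are constructed placeholders. As comment #3 confirms, the reference is resolved by swanctl, so the daemon still receives two separate connections, each pairing one local.id with its own remote.cacerts.

```conf
# Constructed example: shared settings live in one top-level section that
# is not itself a connection. "gw-defaults" is a hypothetical name.
gw-defaults {
    version = 2
    local_addrs = 192.0.2.1            # placeholder (documentation range)
    children {
        net {
            local_ts = 10.0.0.0/16     # placeholder subnet
        }
    }
}

connections {
    # "name : reference" inherits the settings and subsections of
    # gw-defaults; only the per-identity parts are written out.
    tenant-a : gw-defaults {
        local {
            auth = pubkey
            id = gw-a.example.org      # IDr expected from tenant A clients
            certs = gw-a.pem           # placeholder file name
        }
        remote {
            auth = pubkey
            cacerts = tenant-a-ca.pem  # only this CA is accepted for gw-a
        }
    }

    tenant-b : gw-defaults {
        local {
            auth = pubkey
            id = gw-b.example.org      # IDr expected from tenant B clients
            certs = gw-b.pem           # placeholder file name
        }
        remote {
            auth = pubkey
            cacerts = tenant-b-ca.pem  # only this CA is accepted for gw-b
        }
    }
}
```

Keeping each remote.cacerts inside the connection that carries the matching local.id preserves the constraint described in the issue: a client certificate issued by one CA is accepted only under the identity configured for that CA.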
