[Swan] swan-docs

Paul Wouters paul at nohats.ca
Thu Sep 29 17:01:38 UTC 2016


On Thu, 29 Sep 2016, Sergey Mihailov wrote:

> Sorry, I may have written this incorrectly, but I have a couple of questions on the documentation
> https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH_with_Certificates
> 
> 1.
> ...
> leftcert=vpn.example.com
> leftid=@vpn.nohats.ca
> ...
> Is there an example of creating its server certificate?

There are various tools you can use to generate certificates. openssl,
or nss's certutil, or xca or tinyCA2, etc etc.

You can find the example code we use to generate our test certificates
here:

https://github.com/libreswan/libreswan/blob/master/testing/x509/dist_certs.py

> 2.
> ...
> right=%any
> rightid=%fromcert
> rightrsasigkey=%cert
> ...
> 
> Does the line rightrsasigkey=%cert exclude the line rightid=%fromcert?

You should be able to omit the rightrsasigkey= line if you are using
leftcert= already.

> P.S. Does libreswan support EAP? Please give an example config for it ...

Unfortunately, no. All EAP code is openssl/wpa_supplicant based,
and libreswan uses NSS. So we have not yet written all the code
needed for EAP support.

Paul

