[Swan] IPSec PKI based policy requirement.

Madhan Raj madhanrajrm at gmail.com
Thu Apr 22 17:24:38 UTC 2021

Hi Swan users,

My libreswan version is libreswan-3.25-9.1.el7.x86_64

and my public key has the below XU and EXU extensions  currently

        X509v3 Key Usage:
                Digital Signature, Key Encipherment, Data Encipherment,
Certificate Sign
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client
Authentication, IPSec End System
            X509v3 Subject Key Identifier:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0

So i wan't to know does libreswan really need the  Key Encipherment &
IPSec End System XKU to bring up the IKE connection ?

It would be great if I can get the recommended XU and EXU in the public key
to bring up an ipsec connection up and running.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210422/f2703aae/attachment.html>

More information about the Swan mailing list