[Swan] IPSec PKI based policy requirement.
Paul Wouters
paul at nohats.ca
Thu Apr 22 19:06:21 UTC 2021
Libreswan complies with RFC 4945 but also accepts webpki/TLS authentication. So almost all certificate EKUs, or lack thereof, will do.
> On Apr 22, 2021, at 13:24, Madhan Raj <madhanrajrm at gmail.com> wrote:
>
>
> Hi Swan users,
>
> My libreswan version is libreswan-3.25-9.1.el7.x86_64
>
> and my public key has the below XU and EXU extensions currently
>
> X509v3 Key Usage:
> Digital Signature, Key Encipherment, Data Encipherment, Certificate Sign
> X509v3 Extended Key Usage:
> TLS Web Server Authentication, TLS Web Client Authentication, IPSec End System
> X509v3 Subject Key Identifier:
> EF:D1:D4:57:4F:A1:4A:61:0F:DE:FB:27:AA:63:74:BC:94:ED:A1:18
> X509v3 Basic Constraints: critical
> CA:TRUE, pathlen:0
>
> So I want to know: does libreswan really need the Key Encipherment & IPSec End System XKU to bring up the IKE connection?
>
> It would be great if I could get the recommended XU and EXU in the public key to get an ipsec connection up and running.
>
> Thanks,
> Madhan
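An added example (not part of the thread and not libreswan code): the strict Key Usage / Extended Key Usage acceptance rules of RFC 4945 (sections 5.1.3.2 and 5.1.3.12) applied to `openssl x509 -text` style output such as the one quoted above. The function names are hypothetical, the extension value spellings are assumed to be those OpenSSL prints, and the check models only the RFC profile, not the more permissive behaviour the reply describes for libreswan.

```python
import re

# Values that satisfy RFC 4945 when the extension is present.
# Spellings are assumed to match OpenSSL's text output.
KU_OK = {"Digital Signature", "Non Repudiation"}
EKU_OK = {"ipsec Internet Key Exchange", "Any Extended Key Usage"}

def parse_ext(text, header):
    """Return the set of values listed under an extension header, or None if absent."""
    lines = [l.lstrip("> ").strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        if re.fullmatch(re.escape(header) + r":( critical)?", line):
            nxt = lines[i + 1] if i + 1 < len(lines) else ""
            return {v.strip() for v in nxt.split(",") if v.strip()}
    return None

def rfc4945_check(text):
    """Return (accepted, reasons) under the strict RFC 4945 KU/EKU rules."""
    ku = parse_ext(text, "X509v3 Key Usage")
    eku = parse_ext(text, "X509v3 Extended Key Usage")
    reasons = []
    # KU absent: continue. KU present: needs digitalSignature or nonRepudiation.
    if ku is not None and not (ku & KU_OK):
        reasons.append("KU present without digitalSignature/nonRepudiation")
    # EKU absent: continue. EKU present: needs id-kp-ipsecIKE or anyExtendedKeyUsage.
    if eku is not None and not (eku & EKU_OK):
        reasons.append("EKU present without ipsecIKE/anyExtendedKeyUsage")
    return (not reasons, reasons)

# KU/EKU lines as quoted in the message above.
QUOTED = """X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, IPSec End System
"""
# Constructed samples: no EKU at all, and a KU lacking a signature bit.
NO_EKU = "X509v3 Key Usage:\nDigital Signature\n"
ENCIPHER_ONLY = "X509v3 Key Usage: critical\nKey Encipherment\n"

if __name__ == "__main__":
    for name, sample in [("quoted", QUOTED), ("no-eku", NO_EKU),
                         ("encipher-only", ENCIPHER_ONLY)]:
        print(name, rfc4945_check(sample))
```

Under the strict profile the quoted certificate fails only on its EKU list, while a certificate with no EKU extension passes, which is why the acceptance of webpki/TLS EKUs mentioned in the reply matters for certificates like this one.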