[Swan] Possible to setup multiple connections, partly behind NAT?
Tuomo Soini
tis at foobar.fi
Sat Feb 10 16:17:08 EET 2024
On Fri, 9 Feb 2024 23:35:39 +0100
Phil Nightowl via Swan <swan at lists.libreswan.org> wrote:
> I am used to utilise X.509, so I have leftid=%fromcert everywhere.
> Does the above mean that I should use something like
>
> right=%any
> rightid="CN=*.privlan,O=MyOrg,C=CA" ?
That won't work. A wildcard can only match a whole label. So this would
work:

    rightid="C=CA, O=MyOrg, CN=*"

Note: the order of fields must actually match the order libreswan shows
them in, and all labels in the certificate must be present. I expect the
label order I wrote is what libreswan shows in "ipsec auto
--listpubkeys".
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
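
The matching rule described in the reply above, modelled as an added Python example (not part of the original message and not libreswan's code). The function names and the sample certificate DNs are constructed for illustration, and the parser assumes simple DNs without escaped commas.

```python
# Added illustration: models the rightid matching rule as stated in the
# reply (whole-label wildcard, same field order, all labels present).
# It is NOT libreswan's implementation; names here are hypothetical.

def parse_dn(dn):
    """Split 'C=CA, O=MyOrg, CN=host' into [('C', 'CA'), ...].
    Assumption: no escaped commas or multi-valued RDNs."""
    rdns = []
    for part in dn.split(","):
        label, _, value = part.strip().partition("=")
        rdns.append((label.strip().upper(), value.strip()))
    return rdns

def rightid_matches(pattern, cert_dn):
    """Return True if cert_dn satisfies the rightid pattern."""
    pat, dn = parse_dn(pattern), parse_dn(cert_dn)
    # Every label in the certificate must appear in the pattern.
    if len(pat) != len(dn):
        return False
    # Labels are compared position by position, so order matters.
    for (p_label, p_value), (c_label, c_value) in zip(pat, dn):
        if p_label != c_label:
            return False
        if p_value == "*":
            continue  # wildcard stands for the whole value of this label
        # Anything else is literal: "*.privlan" is not a glob.
        if p_value != c_value:
            return False
    return True

# Constructed sample subject DN, in the order used in the reply.
SAMPLE_CERT = "C=CA, O=MyOrg, CN=gw1.privlan"

if __name__ == "__main__":
    for pattern in ("C=CA, O=MyOrg, CN=*",        # whole-label wildcard
                    "C=CA, O=MyOrg, CN=*.privlan",  # partial wildcard
                    "CN=*, O=MyOrg, C=CA"):         # different field order
        print(pattern, "->", rightid_matches(pattern, SAMPLE_CERT))
```

Under this rule `CN=*` accepts every certificate whose C and O match, whatever its CN, so the set of peers admitted is decided by which certificates the trusted CA issues with those fields.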