[Openswan Users] android l2tp crt connection

Paul Wouters paul at xelerance.com
Thu Jul 28 14:05:17 EDT 2011


On Thu, 28 Jul 2011, Bob Miller wrote:

> For the benefit of anyone else looking to accomplish this, here is what
> I found:
> As per an article I found, and my logs support it, a certificate will
> only work if you put the IP address of the remote device into the remote
> device's certificate.  Since the devices are mobile, this would require
> a new cert be generated every time the device gets an address, or would
> require the mobile device to somehow have a static IP.  Since that isn't
> practical, the path of least resistance in my case is to add a conn for
> using PSKs.

It should work with cert identifiers fine. However, some clients (notably OSX)
require that the openswan server cert has its IP or FQDN in the subjectAltName
within the certificate.

Paul
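
The subjectAltName requirement from the reply above, as an added example that is not part of the original thread or of Openswan: it uses the openssl CLI to issue a throwaway self-signed certificate carrying FQDN and IP subjectAltName entries, then checks that a given entry is present. The names vpn.example.com and 192.0.2.1, the file names and both function names are assumptions; a real gateway certificate would be signed by your CA rather than self-signed.

```shell
#!/bin/sh
# Added example. Requires OpenSSL 1.1.1 or later for -addext.
# vpn.example.com / 192.0.2.1 are constructed placeholders for the
# name and address that clients use to reach the gateway.

# make_server_cert DIR FQDN IP
# Writes DIR/server.key and DIR/server.crt. Self-signed only to keep the
# demo self-contained; the subjectAltName extension is what matters here.
make_server_cert() {
    dir=$1 fqdn=$2 ip=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/server.key" -out "$dir/server.crt" \
        -subj "/CN=$fqdn" \
        -addext "subjectAltName=DNS:$fqdn,IP:$ip" 2>/dev/null
}

# cert_has_san CERT ENTRY
# Exit 0 if ENTRY appears in the certificate's subjectAltName list.
# ENTRY uses openssl's text form: "DNS:vpn.example.com" or
# "IP Address:192.0.2.1". The match is exact per entry, so a name that is
# only present in the subject CN does not count.
cert_has_san() {
    want=$(printf '%s' "$2" | tr -d ' ')
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr -d ' ' | tr ',' '\n' |
        grep -Fxq "$want"
}

# Typical use before deploying a gateway certificate:
#   cert_has_san server.crt "DNS:vpn.example.com" || echo "FQDN missing from SAN"
#   cert_has_san server.crt "IP Address:192.0.2.1" || echo "IP missing from SAN"
```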

