Discussion:
Rightgroups
Claude Tompers
2013-01-16 08:17:48 UTC
Permalink
Hi,

Is the rightgroups parameter in ipsec.conf appicable to Certificate DN's ?

kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
Martin Willi
2013-01-16 08:23:40 UTC
Permalink
Hi Claude,
Post by Claude Tompers
Is the rightgroups parameter in ipsec.conf appicable to Certificate DN's ?
No, none of the DN components is interpreted as group.

To limit a connection to an O=, OU= or other RDN you can use wildcards
in rightid, such as "C=CH, O=strongSwan, OU=sales, CN=*".

Regards
Martin
Claude Tompers
2013-01-16 08:36:23 UTC
Permalink
Post by Martin Willi
Hi Claude,
Post by Claude Tompers
Is the rightgroups parameter in ipsec.conf appicable to Certificate DN's ?
No, none of the DN components is interpreted as group.
To limit a connection to an O=, OU= or other RDN you can use wildcards
in rightid, such as "C=CH, O=strongSwan, OU=sales, CN=*".
Regards
Martin
Hi Martin,

Thanks for the explanations, it works. :)

kind regards,
Claude
--
Claude Tompers
Ingénieur réseau et systÚme
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
Loading...