Messages - rayk_sland

#1
My preferred method of IDing connections between IPsec endpoints has been to send ASN1.DNs back and forth, since the one end is always a dynamic IP. This has worked great. I'm updating all my VPN endpoints with OPNsense, if possible, but there is a snag where I enter the full ASN1.DN in OPNsense for the phase1 connection, obfuscated as follows:
(C = XX, ST = XXXXX, L = XXXXX, O = XXX, emailAddress = XXX@XXXXXXXXXXXX.XXX, CN = XXXX, OU = XX)

Libreswan at the other end reads it as (also obfuscated) "0x43DDDD4E492D49DDD34543". Is strongSwan hashing the ID? Can I turn that behavior off?