Virtual private networks / Connecting Opnsense/Strongswan to Debian Linux/Libreswan - Certificates
« on: July 11, 2023, 11:12:27 pm »
My preferred method of IDing connections between IPsec endpoints has been to send ASN1.DNs back and forth, since one end is always a dynamic IP. This has worked great. I'm updating all my VPN endpoints with OPNsense, if possible, but there is a snag: where I enter the full ASN1.DN in OPNsense for the phase 1 connection, obfuscated as follows,
(C = XX, ST = XXXXX, L = XXXXX, O = XXX, emailAddress = XXX@XXXXXXXXXXXX.XXX, CN = XXXX, OU = XX)
libreswan at the other end reads it as (also obfuscated) "0x43DDDD4E492D49DDD34543." Is strongswan hashing the ID? Can I turn that behavior off?