On Jan 23, 2008 3:35 PM, JR <tiresias at gmail dot com> wrote:
> 2008/1/23 Marek Läll <marek dot lall at neti dot ee>:
> > uncomment the following line:
> > subjectAltName=email:copy
> > And then in the m0n0wall ipsec config I choose "User FQDN" as "My Identifier"
> > and the value
> > is the email address that you entered when you generated the node certificate/key
> Thank you very much for replying. I'm glad to hear that someone has
> got this working. I will try creating new certs with the
> subjectAltName option to use with the FQDN identifier.
I can now confirm that this works for me.
It would be helpful to update the IPSEC chapter in the m0n0wall
handbook (http://doc.m0n0.ch/handbook/ipsec.html) to state that
certificate VPNs on m0n0wall require the subjectAltName parameter in
the certs and must be used with the FQDN identifier matching the email
address on the certs.
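
Added example, not part of the original thread: a shell check that a node certificate generated with `subjectAltName=email:copy` carries the email address you plan to enter as the "User FQDN" identifier. The address, the file names and the `[ v3_node ]` section name are constructed for illustration, and the self-signed certificate stands in for one issued by your own CA.

```shell
#!/bin/sh
# Added example; EMAIL, file names and the [ v3_node ] section are constructed.
EMAIL="node1@example.com"

# make_cert DIR EMAIL SAN_LINE: write a minimal config and a self-signed test cert.
make_cert() {
    dir=$1; email=$2; san=$3
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_node
prompt = no
[ dn ]
CN = node1
emailAddress = $email
[ v3_node ]
basicConstraints = CA:FALSE
$san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/openssl.cnf" \
        -keyout "$dir/node.key" -out "$dir/node.crt" 2>/dev/null
}

# san_emails CERT: print each email entry of the subjectAltName, one per line.
san_emails() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *email://p'
}

# check_identifier CERT ID: succeed only if ID exactly equals a SAN email entry.
check_identifier() {
    san_emails "$1" | grep -Fxq "$2"
}

tmp=$(mktemp -d)
if make_cert "$tmp" "$EMAIL" "subjectAltName=email:copy" &&
   check_identifier "$tmp/node.crt" "$EMAIL"; then
    echo "OK: $EMAIL is in the certificate's subjectAltName"
else
    echo "FAIL: $EMAIL not found in subjectAltName"
fi
rm -rf "$tmp"
```

Running `check_identifier` against an existing node certificate before configuring the tunnel shows whether the cert was generated with the line still commented out.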