 From:  JR <tiresias at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: certificate based IPSEC VPN
 Date:  Sat, 9 Feb 2008 03:18:46 -0500
On Jan 23, 2008 3:35 PM, JR <tiresias at gmail dot com> wrote:
> 2008/1/23 Marek Läll <marek dot lall at neti dot ee>:
> > uncomment the following line:
> >     subjectAltName=email:copy
> ...
> > And then in m0n0wall ipsec config I choose "User FQDN" as "My Identifier"
> > and value
> > is email address that you entered while you generated node certificate/key
>
> Thank you very much for replying. I'm glad to hear that someone has
> got this working. I will try creating new certs with the
> subjectAltName option to use with the FQDN identifier.

I can now confirm that this works for me.

It would be helpful to update the IPSEC chapter in the m0n0wall
handbook (http://doc.m0n0.ch/handbook/ipsec.html) to state that
certificate VPNs on m0n0wall require the subjectAltName parameter in
the certs and must be used with the FQDN identifier matching the email
address on the certs.

JR
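
The requirement confirmed above can be checked before a certificate is loaded into m0n0wall. The script below is an added example, not part of the original message or of the m0n0wall handbook: it builds two throwaway self-signed certificates with `openssl`, one with `subjectAltName=email:copy` and one without, and tests whether the address intended as the "User FQDN" identifier appears as a SAN email entry. The function names `make_cert`, `san_emails` and `id_matches_cert`, the file names and the `example.test` address are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: all names, addresses and paths here are constructed.

# make_cert DIR NAME EMAIL yes|no -> writes a self-signed test cert DIR/NAME.crt
make_cert() {
    dir=$1; name=$2; email=$3; with_san=$4
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        printf 'x509_extensions = v3\n'
        printf '[dn]\nCN = %s\nemailAddress = %s\n' "$name" "$email"
        printf '[v3]\nbasicConstraints = CA:FALSE\n'
        # The openssl.cnf line the thread says to uncomment:
        if [ "$with_san" = yes ]; then
            printf 'subjectAltName = email:copy\n'
        fi
    } > "$dir/$name.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/$name.cnf" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# san_emails CERT -> prints one SAN email (rfc822Name) entry per line
san_emails() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *email://p'
}

# id_matches_cert CERT IDENTIFIER -> exit 0 only if IDENTIFIER is a SAN email.
# An address that exists only in the subject DN does not count.
id_matches_cert() {
    san_emails "$1" | grep -qxF "$2"
}

# Demo on constructed certificates.
tmp=$(mktemp -d)
make_cert "$tmp" with-san node1@example.test yes
make_cert "$tmp" no-san   node1@example.test no
for c in with-san no-san; do
    if id_matches_cert "$tmp/$c.crt" node1@example.test; then
        echo "$c: identifier matches a SAN email entry"
    else
        echo "$c: no matching SAN email entry"
    fi
done
```

Both certificates carry the address in the subject DN; only the one generated with `email:copy` passes the check.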