Todo #12044
Improve IPsec identifier settings
Status: closed (100%)
Description
We expose several IPsec identifier types in the GUI. strongSwan supports a few more, plus an automatic type. Additionally, our names aren't ideal (e.g. "Distinguished Name" is really FQDN) so there are likely some improvements to be made there, too.
See https://wiki.strongswan.org/projects/strongswan/wiki/IdentityParsing for the options supported by strongSwan, and its current behavior. The current type:value syntax is already in use for some options, for example:
The following types are known: ipv4, ipv6, ipv4net, ipv6net, ipv4range, ipv6range, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn and keyid. Custom type prefixes may be specified by surrounding the numerical type value with curly brackets.
Additionally, we should ensure that, if we do validate the various types, they allow wildcard matching for peer/remote identifiers, since it is also supported in strongSwan (see https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf in the notes for connections.<conn>.remote<suffix>.id).
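A sketch of the validation this issue asks for, added here as an example and not taken from pfSense or strongSwan: it splits an identifier on the type prefixes listed above (including the curly-bracket numeric form), leaves anything else to automatic detection, and accepts `*` only for remote identifiers. The function names, the host-name rule, the case-insensitive prefix match, the rejection of wildcards in local identifiers and all sample values are assumptions of this sketch.

```python
import ipaddress
import re

# Type prefixes as listed in the issue text above.
KNOWN_TYPES = {"ipv4", "ipv6", "ipv4net", "ipv6net", "ipv4range", "ipv6range",
               "rfc822", "email", "userfqdn", "fqdn", "dns", "asn1dn", "asn1gn",
               "keyid"}
# "{<number>}:value" (custom type) or "name:value".
# Assumption: prefix names are matched case-insensitively in this sketch.
PREFIX_RE = re.compile(r"^(?:\{(\d+)\}|([a-z0-9]+)):(.*)$", re.I | re.S)
# Assumption: a conservative host-name label rule chosen for this sketch.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def split_identifier(raw):
    """Return (type, value); type is 'auto' when no known prefix is present."""
    m = PREFIX_RE.match(raw)
    if m and m.group(1) is not None:
        return "{%s}" % m.group(1), m.group(3)        # custom numeric type
    if m and m.group(2).lower() in KNOWN_TYPES:
        return m.group(2).lower(), m.group(3)
    # e.g. a bare IPv6 address or a DN: "2001" or "C=US..." is not a type name
    return "auto", raw


def validate(raw, remote=False):
    """Return (ok, type, reason). '*' is accepted only when remote=True."""
    kind, value = split_identifier(raw)
    if not value:
        return False, kind, "empty value"
    if "*" in value and not remote:
        return False, kind, "wildcard only allowed in remote identifiers"
    if kind in ("ipv4", "ipv6"):
        try:
            ok = ipaddress.ip_address(value).version == int(kind[-1])
        except ValueError:
            ok = False
        return ok, kind, "" if ok else "not a valid %s address" % kind
    if kind in ("fqdn", "dns"):
        labels = value.rstrip(".").split(".")
        ok = all(l == "*" or LABEL_RE.match(l) is not None for l in labels)
        return ok, kind, "" if ok else "invalid host name"
    return True, kind, ""   # other types pass through unchecked in this sketch


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from any real configuration.
    for ident, is_remote in [("fqdn:vpn.example.com", False),
                             ("fqdn:*.example.com", False),
                             ("fqdn:*.example.com", True),
                             ("ipv4:2001:db8::1", False),
                             ("C=US, O=Example, CN=*", True)]:
        print(ident, "remote" if is_remote else "local", validate(ident, is_remote))
```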