Todo #12044

closed

Improve IPsec identifier settings

Added by Jim Pingle over 3 years ago. Updated about 3 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: IPsec
Target version:
Start date: 06/15/2021
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 22.01
Release Notes: Default

Description

We expose several IPsec identifier types in the GUI. strongSwan supports a few more, plus an automatic type. Additionally, our names aren't ideal (e.g. "Distinguished Name" is really FQDN) so there are likely some improvements to be made there, too.

See https://wiki.strongswan.org/projects/strongswan/wiki/IdentityParsing for the options supported by strongSwan, and its current behavior. The current type:value syntax is already in use for some options, for example:

The following types are known: ipv4, ipv6, ipv4net, ipv6net, ipv4range, ipv6range, rfc822, email, userfqdn, fqdn,
dns, asn1dn, asn1gn and keyid. Custom type prefixes may be specified by surrounding the numerical type value
with curly brackets.

Additionally, we should ensure that if we do validate the various types, that they allow wildcard matching for peer/remote identifiers since it is also supported in strongSwan (See https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf in the notes for connections.<conn>.remote<suffix>.id)
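
The kind of check the description asks for, as an added Python example (not pfSense or strongSwan code): it splits a `type:value` identifier using the type list quoted above, treats an unprefixed value as the automatic type, and skips strict validation for remote identifiers that contain a wildcard. The function names, the `{<number>}:<value>` form of custom prefixes, and the per-type checks are assumptions of this example.

```python
import ipaddress
import re

# Type prefixes listed in the strongSwan text quoted on this page.
KNOWN_TYPES = {"ipv4", "ipv6", "ipv4net", "ipv6net", "ipv4range", "ipv6range",
               "rfc822", "email", "userfqdn", "fqdn", "dns", "asn1dn", "asn1gn",
               "keyid"}
CUSTOM = re.compile(r"^\{(\d+)\}:(.*)$", re.S)  # assumed form: {<number>}:<value>
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOST = re.compile(r"^%s(\.%s)*$" % (LABEL, LABEL))


def split_identifier(ident):
    """Return (type, value); type is 'auto' when there is no known prefix."""
    m = CUSTOM.match(ident)
    if m:
        return "{%s}" % m.group(1), m.group(2)
    prefix, sep, value = ident.partition(":")
    if sep and prefix in KNOWN_TYPES:
        return prefix, value
    return "auto", ident  # a bare IPv6 address has ':' but no type prefix


def validate_identifier(ident, remote=False):
    """Return None when acceptable, otherwise a short error string."""
    id_type, value = split_identifier(ident)
    if not value:
        return "empty identifier value"
    if remote and "*" in value:
        return None  # wildcard peer identifiers must not be rejected
    try:
        if id_type in ("ipv4", "ipv6"):
            if ipaddress.ip_address(value).version != int(id_type[3]):
                return "address family does not match " + id_type
        elif id_type in ("ipv4net", "ipv6net"):
            if ipaddress.ip_network(value, strict=False).version != int(id_type[3]):
                return "address family does not match " + id_type
        elif id_type in ("fqdn", "dns"):
            if not HOST.match(value):
                return "not a valid host name"
        elif id_type in ("rfc822", "email", "userfqdn"):
            user, at, host = value.rpartition("@")
            if not (user and at and HOST.match(host)):
                return "not of the form user@host"
    except ValueError:
        return "not a valid address for " + id_type
    return None  # asn1dn, asn1gn, keyid, ranges, {n} and auto pass unchecked
```
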

Actions #1

Updated by Jim Pingle over 3 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle over 3 years ago

  • Tracker changed from Feature to Todo
  • Subject changed from Revisit IPsec Identifier Settings to Improve IPsec identifier settings
Actions #3

Updated by Jim Pingle over 3 years ago

  • Status changed from Feedback to Resolved

Descriptions are better, options I've tried are all working. If new problems come up they can be added as new and separate issues.

Actions #4

Updated by Jim Pingle about 3 years ago

  • Plus Target Version changed from 21.09 to 22.01