Todo #12044
Improve IPsec identifier settings
Status: closed
% Done: 100%
Description
We expose several IPsec identifier types in the GUI. strongSwan supports a few more, plus an automatic type. Additionally, our names aren't ideal (e.g. "Distinguished Name" is really FQDN) so there are likely some improvements to be made there, too.
See https://wiki.strongswan.org/projects/strongswan/wiki/IdentityParsing for the options supported by strongSwan, and its current behavior. The current type:value syntax is already in use for some options, for example:
The following types are known: ipv4, ipv6, ipv4net, ipv6net, ipv4range, ipv6range, rfc822, email, userfqdn, fqdn, dns, asn1dn, asn1gn and keyid. Custom type prefixes may be specified by surrounding the numerical type value with curly brackets.
Additionally, we should ensure that if we do validate the various types, that they allow wildcard matching for peer/remote identifiers since it is also supported in strongSwan (see https://wiki.strongswan.org/projects/strongswan/wiki/Swanctlconf in the notes for connections.<conn>.remote<suffix>.id).
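A sketch of the input validation the description asks for, as an added example (not pfSense or strongSwan code): it splits an explicit type prefix from the value using the type names quoted above and lets wildcards through only for remote identifiers. The `{N}:value` spelling of custom prefixes, case-insensitive prefix matching, the function names, and the rejection of wildcards in local identifiers are assumptions of this example.

```python
import ipaddress
import re

# Type names as listed in the ticket's quote from the strongSwan documentation.
KNOWN_TYPES = {"ipv4", "ipv6", "ipv4net", "ipv6net", "ipv4range", "ipv6range",
               "rfc822", "email", "userfqdn", "fqdn", "dns", "asn1dn",
               "asn1gn", "keyid"}
# Assumed spelling of a custom numeric type prefix: "{<number>}:value".
CUSTOM = re.compile(r"^\{(\d+)\}:(.*)$")


def split_identifier(ident):
    """Return (type, value); type is 'auto' when no explicit prefix is found."""
    m = CUSTOM.match(ident)
    if m:
        return "{%s}" % m.group(1), m.group(2)
    prefix, sep, rest = ident.partition(":")
    # Prefixes are compared case-insensitively here (assumption).
    if sep and prefix.lower() in KNOWN_TYPES:
        return prefix.lower(), rest
    # No known prefix, e.g. a bare IPv6 address: leave typing to auto-detection.
    return "auto", ident


def validate_identifier(ident, remote=False):
    """Return a list of problems; an empty list means the input is accepted."""
    id_type, value = split_identifier(ident)
    if not value:
        return ["empty value"]
    if "*" in value:
        # Wildcards are only meaningful for peer/remote identifiers.
        # Rejecting them for local identifiers is this example's policy.
        return [] if remote else ["wildcard in a local identifier"]
    problems = []
    if id_type in ("ipv4", "ipv6"):
        try:
            addr = ipaddress.ip_address(value)
            if addr.version != int(id_type[-1]):
                problems.append("address family does not match " + id_type)
        except ValueError:
            problems.append("not a valid IP address")
    elif id_type in ("fqdn", "dns") and not re.fullmatch(r"[A-Za-z0-9.-]+", value):
        problems.append("invalid characters in FQDN")
    return problems
```

Splitting on the first colon only when the prefix is a known type keeps an untyped IPv6 address such as 2001:db8::1 from being misread as a typed identifier.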
Updated by Jim Pingle over 3 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 021ffa0316b05618726243489ad44de91a8c57c4.
Updated by Jim Pingle over 3 years ago
- Tracker changed from Feature to Todo
- Subject changed from Revisit IPsec Identifier Settings to Improve IPsec identifier settings
Updated by Jim Pingle about 3 years ago
- Status changed from Feedback to Resolved
Descriptions are better, options I've tried are all working. If new problems come up they can be added as new and separate issues.
Updated by Jim Pingle about 3 years ago
- Plus Target Version changed from 21.09 to 22.01