Add checkbox or default option for "verify_identifier on;" on IPsec RSA VPNs
The ASN1DN field on the "peers_identifier" option within racoon.conf can be used to specify which certificate or set of certificates should be allowed to connect. Anyway, for this to take effect, there's an additional option required on the racoon.conf file:
The default value for this is off. I guess this can be set to always on without harm, and with increased security. If the ASN1DN values are left blank, they will be taken and verified from the certificates themselves. If you specify an ASN1DN manually, it will be used for verification.
In case I am missing something else that might break by adding this as a default option, a checkbox to enable it would be great.
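As an added example (not part of the original issue or of the project's code), the script below audits a racoon.conf for the condition described above: remote sections that authenticate with RSA signatures but do not set `verify_identifier on;`. The sample configuration, its addresses and DNs, and the function names are constructed for illustration.

```python
import re

# Constructed sample, trimmed to the directives this check reads.
SAMPLE_CONF = '''
remote 203.0.113.10 {
    peers_identifier asn1dn "C=US, O=Example, CN=branch1.example.com";
    # verify_identifier is absent, so the default (off) applies
    proposal { authentication_method rsasig; }
}
remote 203.0.113.20 {
    peers_identifier asn1dn "C=US, O=Example, CN=branch2.example.com";
    verify_identifier on;
    proposal { authentication_method rsasig; }
}
'''

def remote_blocks(conf):
    """Yield (peer, body) for each remote section, matching nested braces."""
    conf = re.sub(r'#[^\n]*', '', conf)  # drop comments
    for m in re.finditer(r'\bremote\s+([^\s{]+)[^{]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def unverified_rsa_peers(conf):
    """Return remote sections using rsasig without 'verify_identifier on;'."""
    findings = []
    for peer, body in remote_blocks(conf):
        uses_rsa = re.search(r'\bauthentication_method\s+rsasig\s*;', body)
        verified = re.search(r'\bverify_identifier\s+on\s*;', body)
        if uses_rsa and not verified:
            findings.append(peer)
    return findings

if __name__ == '__main__':
    for peer in unverified_rsa_peers(SAMPLE_CONF):
        print(f'remote {peer}: peers_identifier is not enforced '
              '(verify_identifier is off)')
```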
Updated by Doktor Notor almost 10 years ago
Guys, this is NOT a feature request, this is a major security issue! Can someone finally fix this?