quericy / one-key-ikev2-vpn

A bash script for CentOS or Ubuntu that helps you create an IKEv2/L2TP VPN.
GNU General Public License v3.0
2.09k stars 709 forks

Wildcard certificate issue #126

Open binyan17 opened 6 years ago

binyan17 commented 6 years ago

Hello, my current situation is as follows:

1. I generate my own wildcard certificate:

```
ipsec pki --pub --in servers/server.pem | \
  ipsec pki --issue --cacert root/root.cert.pem --cakey root/root.pem \
    --dn "C=US, ST=California, L=Los Angeles, O=Google, OU=Google Technology Company Ltd, CN=*.vpn.xxxx.com" \
    --san="vpn.xxxx.com" --san="*.vpn.xxxx.com" \
    --lifetime 3650 --flag serverAuth --flag ikeIntermediate \
    --outform pem > servers/server.cert.pem
```

2. The leftid configured in ipsec.conf is tom-02.vpn.xxxx.com

The Android client currently always fails authentication, but if I add tom-02.vpn.xxxx.com when generating the signed certificate, login succeeds.

Does strongSwan not support wildcard certificates? How should I configure this? Thanks!

zzuzjl commented 6 years ago

@strongswan says wildcard certificates are not supported, for security reasons.

nxtreaming commented 6 years ago

Confirmed: wildcard certificates are not supported.

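A pre-flight check for the situation discussed in this thread, added here as an example and not part of the thread or of the one-key-ikev2-vpn script: it reports whether the `leftid` from ipsec.conf appears literally among a certificate's DNS SANs, or is only covered by a wildcard entry. The function names are hypothetical, and the literal (non-wildcard) comparison is an assumption taken from the replies above.

```shell
#!/bin/sh
# Added example: function names are hypothetical. Assumption from the thread:
# a "*.domain" SAN is compared as a plain string, never expanded to host names.

# Print the DNS subjectAltName entries of a PEM certificate, one per line.
cert_dns_sans() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n1 \
        | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_leftid ID SAN...  prints one of: ok | wildcard-only | missing
check_leftid() {
    local id san suffix host
    id=$(lower "$1"); shift
    # Pass 1: the identity must appear verbatim in the SAN list.
    for san in "$@"; do
        if [ "$id" = "$(lower "$san")" ]; then echo ok; return 0; fi
    done
    # Pass 2: diagnose the case from this issue, where only a wildcard SAN
    # (one label in front of the suffix) would have covered the identity.
    for san in "$@"; do
        san=$(lower "$san")
        case $san in
            '*.'*)
                suffix=${san#\*.}
                host=${id%".$suffix"}
                if [ "$host" != "$id" ] && [ -n "$host" ] \
                   && [ "${host#*.}" = "$host" ]; then
                    echo wildcard-only; return 0
                fi ;;
        esac
    done
    echo missing
}

# check_cert ID CERT.pem: same check, reading the SANs from a certificate file.
check_cert() {
    set -f                      # keep "*.domain" from being glob-expanded
    set -- "$1" $(cert_dns_sans "$2")
    set +f
    check_leftid "$@"
}

# Constructed input: the SAN list and leftid quoted in the issue.
check_leftid tom-02.vpn.xxxx.com vpn.xxxx.com '*.vpn.xxxx.com'
```

A `wildcard-only` result corresponds to the failing setup in the question; reissuing the certificate with an additional `--san` for the exact `leftid` is what the original poster reports as working.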