23 Mar
StrongSwan, IPsec remote certs and cert_policy
I'm looking for a way to limit the certs that my IPsec can accept. I'm using StrongSwan (swanctl version 5.7), and I want to accept only certs coming from a remote with a name of yoji.*.example.com.
I searched a lot on the internet. The documentation does not give any solution except modifying the client side, which I'm not able to do at the moment.
I found something called Cert_Policy, but I didn't understand how to apply it; I don't understand how it can help or how to use it.
Can someone help me with this? Or if you have a solution or a modification to the config file that I could try, it would be much appreciated!