Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    21.02 and 2.5 upgrade breaks ipsec to Checkpoint FW

    Scheduled Pinned Locked Moved IPsec
    21.02 2.5 ipsec
    22 Posts 6 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bart79 @JeGr
      last edited by

      @jegr hi Jegr
      yes you can change it, but pfsense/strongswan won't find a private key, since the ip is not the CN or a SAN of the cert

      previously with 2.4/strongSwan 5.8.4 you can chose my ip as identifier without that ip as cn or san of the cert

      1 Reply Last reply Reply Quote 1
      • B
        bart79 @JeGr
        last edited by

        @jegr the new strongswan/pfsense version, in case of cert ipsec vpn, will look for a private key that corresponds exactly to the identifier

        previouly this check wasn't done, in the previous version you can choose also the ip as identifier although it was not "stated" as CN or SAN in the cert used for authentication

        1 Reply Last reply Reply Quote 1
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.