topic Re: IKEV2 w Cert - Wildcard peer for DN does not work. in General Topics

IKEV2 w Cert - Wildcard peer for DN does not work.

NSutfin — Wed, 19 Mar 2025 18:18:17 GMT

Can someone please give me the format you are using for the peer id using DN with a wildcard. CN= ??

I try

CN=*

CN=lab-fw-vyos-*

The DN in the logs coming in from the peer is

lab-fw-vyos-testsite

when I try CN=lab-fw-vyos-testsite it works but I want to terminate all peers on this IKE gateway so I need a wildcard. Any ideas?

Thanks,

Nathan

Re: IKEV2 w Cert - Wildcard peer for DN does not work.

BPry — Wed, 19 Mar 2025 22:02:55 GMT

@NSutfin,

When you're configuring the IKE gateway have you made sure that your peer ID check is set to Wildcard and do you have the certification payload identification mismatch box checked at all?

Re: IKEV2 w Cert - Wildcard peer for DN does not work.

NSutfin — Thu, 20 Mar 2025 17:41:19 GMT

yes, both are checked. I'd like to see some examples of the peer id field with a wildcard if anyone is using it successfully.

Re: IKEV2 w Cert - Wildcard peer for DN does not work.

rmfalconer — Wed, 26 Mar 2025 14:29:26 GMT

Is wildcard supported on non-fqdn names? Have you tried with fqdn, like *.fw.vyos.com or something like that?

Re: IKEV2 w Cert - Wildcard peer for DN does not work.

NSutfin — Thu, 17 Apr 2025 17:45:32 GMT

Yes and yes. I spoke to TAC. They said dynamic peer using pre shared keys was not supported. Its a wonder it is allowed as an option. I can use with cert based authentications but not PSK. Anyone else see this issue?