FortiClient IPSec Certificate Selector with wildcard is not working (for me)
Hi
I am currently developing our VPN solution that is based only on certificate authentication (so no username, password or xauth). I succeeded in developing something for SSL-VPN which is running quite fine but however... I have some difficulties with IPSec.
I nailed down my issue to a simple change in my configuration. When I supply a configuration that explicitly mentions the certificate that is needed like this:
<auth_data>
<mode>aggressive</mode>
<certificate>
<common_name>
<match_type><![CDATA[simple]]></match_type>
<pattern><![CDATA[My Name]]></pattern>
</common_name>
<issuer>
<match_type><![CDATA[simple]]></match_type>
<pattern><![CDATA[My CA]]></pattern>
</issuer>
</certificate>
</auth_data>
everything is working fine but as soon as I try it with a wildcard or regex like this:
<auth_data>
<mode>aggressive</mode>
<certificate>
<common_name>
<match_type><![CDATA[wildcard]]></match_type>
<pattern><![CDATA
</common_name>
<issuer>
<match_type><![CDATA[simple]]></match_type>
<pattern><![CDATA[My CA]]></pattern>
</issuer>
</certificate>
</auth_data>
the connection is not working any longer. However, the FortiClient is showing the correct certificate in the certificate selection screen.
This issue only affects IPSec VPN. SSL-VPN works fine with the same certificate configuration. Any ideas what I might do wrong?
