how to use wildcard certificate with ikev2 on strongswan
Perhaps in 2017, Strongswan did not support wildcard certificates, but they definitely work today in 2021. For anyone else running into this question, the solution is to change the configuration of "leftid" in the /etc/ipsec.conf configuration file. The relevant fields are:
conn ikev2-vpn
left=%any
leftid=@*.example.com
leftcert=star_example_com.crt
leftsendcert=always
leftsubnet=0.0.0.0/0
Note that the "leftid" configuration setting must use the wildcard name, as it appears in the wildcard certificate.