[strongSwan] Allowing only one session per client certificate
Tobias Brunner
tobias at strongswan.org
Mon Oct 22 18:02:46 CEST 2012
Hi,
>>> Is there a configuration setting I can do to "clobber" (kick off) any
>>> existing sessions from the same client certificate (based on CN). I
>>> thought that might be "uniqueids" but based on the above it seems not.
>>
>> Yes, uniqueids is the right option but you will have to use different
>> XAuth credentials for each client.
>
> If I were to use rsasig rather than xauthrsasig then does the "DN" of
> the client certificate become the key for uniqueness checks?
Yes.
> I'm wondering if IOS devices will allow rsasig over xauthrsasig.
As far as I know, they don't.
Regards,
Tobias