[strongSwan] Allowing only one session per client certificate

Tobias Brunner tobias at strongswan.org
Mon Oct 22 18:02:46 CEST 2012


Hi,

>>> Is there a configuration setting I can do to "clobber" (kick off) any
>>> existing sessions from the same client certificate (based on CN).  I
>>> thought that might be "uniqueids" but based on the above it seems not.
>>
>> Yes, uniqueids is the right option but you will have to use different
>> XAuth credentials for each client.
> 
> If I were to use rsasig rather than xauthrsasig then does the "DN" of
> the client certificate become the key for uniqueness checks?

Yes.

> I'm wondering if IOS devices will allow rsasig over xauthrsasig.

As far as I know, they don't.

Regards,
Tobias
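
The two setups compared in this thread, as an added ipsec.conf sketch that is not part of the original message or the project's own configuration. The conn names and certificate file name are placeholders, and the two conns are alternatives, not meant to be loaded together.

```conf
# ipsec.conf (constructed example; names are placeholders)

config setup
    # A new IKE_SA from a peer identity that is already connected
    # replaces the existing one.
    uniqueids=yes

# Alternative A: certificate + XAuth (the setup the thread starts from).
# Per the reply above, each client needs its own XAuth credentials
# for uniqueids to tell the clients apart.
conn rw-xauthrsasig
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    left=%any
    leftcert=gatewayCert.pem
    right=%any
    auto=add

# Alternative B: certificate only.
# Per the reply above, the DN of the client certificate is then the
# key for the uniqueness check, so one certificate means one session.
conn rw-rsasig
    keyexchange=ikev1
    authby=rsasig
    left=%any
    leftcert=gatewayCert.pem
    right=%any
    auto=add
```

Alternative B only helps if the clients accept certificate-only authentication, which is the open question in the last exchange of the thread.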




