[strongSwan] Allowing only one session per client certificate

kgardenia42 kgardenia42 at googlemail.com
Mon Oct 22 18:16:06 CEST 2012


On Mon, Oct 22, 2012 at 5:02 PM, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi,
>
>>>> Is there a configuration setting I can do to "clobber" (kick off) any
>>>> existing sessions from the same client certificate (based on CN).  I
>>>> thought that might be "uniqueids" but based on the above it seems not.
>>>
>>> Yes, uniqueids is the right option but you will have to use different
>>> XAuth credentials for each client.
>>
>> If I were to use rsasig rather than xauthrsasig then does the "DN" of
>> the client certificate become the key for uniqueness checks?
>
> Yes.
>
>> I'm wondering if IOS devices will allow rsasig over xauthrsasig.
>
> As far as I know, they don't.

That being the case ... if I wanted to still use xauthrsasig would it
be feasible for me to patch strongSwan (5.0.1) to use the "DN" of the
client cert as the uniqueness check without much effort?  Can you give
any pointers to accomplish this?

Thanks.



