[strongSwan] Allowing only one session per client certificate
Tobias Brunner
tobias at strongswan.org
Mon Oct 22 18:37:44 CEST 2012
Hi,
>>> I'm wondering if IOS devices will allow rsasig over xauthrsasig.
>>
>> As far as I know, they don't.
>
> That being the case ... if I wanted to still use xauthrsasig would it
> be feasible for me to patch strongswan (5.0.1) to use the "DN" of the
> client cert as the uniqueness check without much effort? Can you give
> any pointers to accomplish this?
You may revert commit 0fbfcf2a [1] to use the IKE identities in
uniqueness checks. But will your clients really all use the same XAuth
credentials?
Regards,
Tobias
[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0fbfcf2a
More information about the Users
mailing list