[strongSwan] Allowing only one session per client certificate

Tobias Brunner tobias at strongswan.org
Mon Oct 22 18:37:44 CEST 2012


Hi,

>>> I'm wondering if IOS devices will allow rsasig over xauthrsasig.
>>
>> As far as I know, they don't.
> 
> That being the case ... if I wanted to still use xauthrsasig would it
> be feasible for me to patch strongswan (5.0.1) to use the "DN" of the
> client cert as the uniqueness check without much effort?  Can you give
> any pointers to accomplish this?

You may revert commit 0fbfcf2a [1] to use the IKE identities in
uniqueness checks.  But will your clients really all use the same XAuth
credentials?

Regards,
Tobias

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0fbfcf2a




More information about the Users mailing list