[strongSwan] dhcp plugin: mac address unpredictable?
harald.dunkel at aixigo.de
Thu Mar 20 13:27:53 CET 2014
On 03/19/14 17:31, Andreas Steffen wrote:
> Hi Harri,
> the MAC address does not change if the new certificate
> has the same subjectDistinguishedName or subjectAlternativeName
> chosen as the IKEv2 ID.
> As an alternative you could explicitly register the client IKEv2 ID
> as a dhcp-client-identifier attribute with your DHCP server
> as in the following example scenario:
If I got this right, then the dhcp-client-identifier is
supposed to be taken from either the CN or the DN in the
certificate. I tried both: The DHCP server doesn't
Looking at the DHCP discover packages sent by charon
(Wireshark) I do not see the CN, but some garbage (e.g.
a part from the OU and O entries). I see the mac address,
More information about the Users