[strongSwan] dhcp plugin: mac address unpredictable?
Harald Dunkel
harald.dunkel at aixigo.de
Thu Mar 20 13:27:53 CET 2014
Hi Andreas,
On 03/19/14 17:31, Andreas Steffen wrote:
> Hi Harri,
>
> the MAC address does not change if the new certificate
> has the same subjectDistinguishedName or subjectAlternativeName
> chosen as the IKEv2 ID.
>
> As an alternative you could explicitly register the client IKEv2 ID
> as a dhcp-client-identifier attribute with your DHCP server
> as in the following example scenario:
>
> http://www.strongswan.org/uml/testresults/ikev2/dhcp-static-client-id/console.log
>
If I got this right, then the dhcp-client-identifier is
supposed to be taken from either the CN or the DN in the
certificate. I tried both: The DHCP server doesn't
answer.
Looking at the DHCP discover packages sent by charon
(Wireshark) I do not see the CN, but some garbage (e.g.
a part from the OU and O entries). I see the mac address,
too.
???
Regards
Harri
More information about the Users
mailing list