[strongSwan] Question regarding smartcard configuration
Tobias Brunner
tobias at strongswan.org
Wed Dec 23 10:55:04 CET 2015
Hi Marian,
>>> Dec 21 23:17:46 13[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
>>> Dec 21 23:17:46 13[LIB] engine 'opensc' is not available
>>
>> This message is logged by the openssl plugin, not the pkcs11 plugin.
>
> Does it mean, that openssl is used to access card ? ... and that openssl
> is required to be able to load engine_pkcs11 ?
No, it is not required. But the openssl plugin optionally supports
fetching credentials from OpenSSL ENGINEs.
>> You should check the beginning of the log, is the plugin loaded and the
>> opensc module initialized properly? The plugin should also load the
>> certificates from the token, which you should see in `ipsec listcerts`.
> ...
> However, I cannot see that opensc module (as I named it in the
> strongswan.conf) is initialized. I see simply nothing about the
> initialization procedure.
So try to fix that. You should see at least a line like
> 00[LIB] plugin 'pkcs11': loaded successfully
Make sure the plugin is built and installed and that it is enabled (see
[1]), which should already be the case if it was enabled during the
original build.
> Just a note: if I specify simply
> : PIN %smartcard:1234 %prompt
> It says:
> Dec 22 21:37:33 01[LIB] engine 'pkcs11' is not available
Same message as before, pkcs11 is just the default ENGINE name we assume
in the openssl plugin.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
More information about the Users
mailing list