[strongSwan] left|rightauth in sql

Michael C. Cambria mcc at fid4.com
Wed Jun 3 19:51:26 CEST 2015


How does one set both leftauth=pubkey and rightauth=pubkey using sql?

The peer_configs table [0] is the only place I see something close.  The 
table has "auth_method", which defaults to 1. According to [1] this is 

The problem is that ipsec statusall shows the remote as using any 
authentication, not public key authentication.

[root at thing0 strongswan-5.3.1]# /usr/local/sbin/ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.19.8-100.fc20.x86_64, x86_64):
   uptime: 94 minutes, since Jun 03 12:16:00 2015
   malloc: sbrk 2547712, mmap 0, used 490832, free 2056880
   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 15
   loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac mysql attr kernel-netlink resolve socket-default stroke sql updown xauth-generic
Listening IP addresses:
        node0:  IKEv2, dpddelay=120s
        node0:   local:  [sql.example.com] uses public key authentication
        node0:   remote: [conf.example.com] uses any authentication
        node0:   child: === TUNNEL, 
Security Associations (0 up, 0 connecting):
[root at thing0 strongswan-5.3.1]#

Using ipsec.conf instead of sql shows both local and remote set to use 
public key authentication.

As a follow-up, I'd be curious how to specify RFC 7427 hash algorithms 
in sql, if this is even possible.


[1] https://wiki.strongswan.org/projects/strongswan/wiki/SQLite
