[strongSwan] left|rightauth in sql
Michael C. Cambria
mcc at fid4.com
Wed Jun 3 19:51:26 CEST 2015
How does one set both leftauth=pubkey and rightauth=pubkey using sql?
The peer_configs table  is the only place I see something close. The
table has "auth_method", which defaults to 1. According to  this is
The problem is that ipsec statusall shows the remote as using any
authentication, not public key authentication.
[root@thing0 strongswan-5.3.1]# /usr/local/sbin/ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.1, Linux
uptime: 94 minutes, since Jun 03 12:16:00 2015
malloc: sbrk 2547712, mmap 0, used 490832, free 2056880
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
pem fips-prf gmp xcbc cmac hmac mysql attr kernel-netlink resolve
socket-default stroke sql updown xauth-generic
Listening IP addresses:
node0: 22.214.171.124...126.96.36.199 IKEv2, dpddelay=120s
node0: local: [sql.example.com] uses public key authentication
node0: remote: [conf.example.com] uses any authentication
node0: child: 188.8.131.52/32 === 184.108.40.206/32 TUNNEL,
Security Associations (0 up, 0 connecting):
[root@thing0 strongswan-5.3.1]#
Using ipsec.conf instead of sql shows both local and remote set to use
public key authentication.
As a follow-up, I'd be curious how to specify RFC 7427 hash algorithms
in sql, if this is even possible.
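
The symptom reported above can be checked mechanically. The following is an added example, not part of the original post and not strongSwan code: it parses the per-connection "uses ... authentication" lines of `ipsec statusall` and reports any side that is not constrained to public key authentication. It assumes the line layout shown in the pasted output; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the connection lines from the statusall output in the post.
SAMPLE = """\
node0: 22.214.171.124...126.96.36.199 IKEv2, dpddelay=120s
node0: local: [sql.example.com] uses public key authentication
node0: remote: [conf.example.com] uses any authentication
node0: child: 188.8.131.52/32 === 184.108.40.206/32 TUNNEL,
"""

# "<conn>: local|remote: [<identity>] uses <method> authentication"
AUTH_LINE = re.compile(
    r"^\s*(?P<conn>[^\s:]+):\s+(?P<side>local|remote):\s+"
    r"\[(?P<id>[^\]]*)\]\s+uses\s+(?P<method>.+?)\s+authentication\b"
)

def parse_auth(status_text):
    """Return {conn: {"local": [(id, method), ...], "remote": [...]}}."""
    conns = defaultdict(lambda: {"local": [], "remote": []})
    for line in status_text.splitlines():
        m = AUTH_LINE.match(line)
        if m:
            conns[m["conn"]][m["side"]].append((m["id"], m["method"]))
    return dict(conns)

def audit(status_text, required="public key"):
    """List (conn, side, identity, method) for every side not using `required`."""
    findings = []
    for conn, sides in sorted(parse_auth(status_text).items()):
        for side in ("local", "remote"):
            if not sides[side]:
                # A connection with no auth line for one side is also reported.
                findings.append((conn, side, None, "no auth line"))
            for ident, method in sides[side]:
                if method != required:
                    findings.append((conn, side, ident, method))
    return findings

if __name__ == "__main__":
    for conn, side, ident, method in audit(SAMPLE):
        print(f"{conn}: {side} [{ident}] is '{method}', expected 'public key'")
```
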