Strongswan PKCS#11 Support
We developed a Smart Cards based authentication of StrongSwan-IPsec-VPN peers.
This already works on pfSense 2.2.6 by replacing the Strongswan version, but this does not work any longer on pfSense 2.3.X.
The goal is using Smart Cards together with future pfSense versions. Therefore we need StrongSwan PKCS#11 support.
Adding PKCS#11 support needs to be added during compilation/making the binary.
It would help us a lot, if you put PKCS#11 support to StrongSwan within the next pfSense release.
Updated by Jim Thompson almost 5 years ago
- Assignee set to Renato Botelho
no idea what this needs in the GUI, etc.
OP should contact me.
Updated by Viktor Gurov almost 2 years ago
Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0.19.0.txz, pcsc-lite-1.8.24,2.txz + dependencies
need GUI options to select ID of certificate on token + PIN
and testing with different tokens
tested with Aktiv Rutoken ECP