Project

General

Profile

Feature #6775

Strongswan PKCS#11 Support

Added by Anonymous almost 4 years ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Category:
IPsec
Target version:
Start date:
09/07/2016
Due date:
% Done:

0%

Estimated time:

Description

We developed a Smart Cards based authentication of StrongSwan-IPsec-VPN peers.
This already works on pfSense 2.2.6 by replacing the Strongswan version, but this does not work any longer on pfSense 2.3.X.
The goal is using Smart Cards together with future pfSense versions. Therefore we need StrongSwan PKCS#11 support.

Adding PKCS#11 support needs to be added during compilation/making the binary.

It would help us a lot, if you put PKCS#11 support to StrongSwan within the next pfSense release.

Associated revisions

Revision 11f166d8 (diff)
Added by Renato Botelho 10 months ago

Ticket #6775: Enable strongswan pkcs11 plugin

History

#1 Updated by Jim Thompson over 3 years ago

  • Assignee set to Renato Botelho

https://wiki.strongswan.org/projects/strongswan/wiki/PKCS11plugin

no idea what this needs in the GUI, etc.

OP should contact me.

#2 Updated by Renato Botelho almost 3 years ago

  • Target version changed from 2.4.0 to 2.4.1

#3 Updated by Jim Pingle over 2 years ago

  • Target version changed from 2.4.1 to 2.4.2

#4 Updated by Jim Pingle over 2 years ago

  • Target version changed from 2.4.2 to 2.4.3

#5 Updated by Jim Pingle over 2 years ago

  • Target version changed from 2.4.3 to 2.4.4

#6 Updated by Steve Beaver almost 2 years ago

  • Target version changed from 2.4.4 to 48

#7 Updated by Jim Pingle over 1 year ago

  • Target version changed from 48 to 2.5.0

#8 Updated by Renato Botelho 10 months ago

  • Status changed from New to Feedback

Plugin support was added to strongswan port on pfSense 2.5.0

I still don't know exactly what to do on GUI

#9 Updated by Viktor Gurov 9 months ago

Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0.19.0.txz, pcsc-lite-1.8.24,2.txz + dependencies
HowTo: https://wiki.strongswan.org/projects/strongswan/wiki/SmartCards

Works

pfSense 2.5.0.a.20191024.0021

need GUI options to select ID of certificate on token + PIN
and testing with different tokens

tested with Aktiv Rutoken ECP

#10 Updated by Viktor Gurov 6 months ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF