Project

General

Profile

Feature #6775

Strongswan PKCS#11 Support

Added by Anonymous over 4 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Category:
IPsec
Target version:
Start date:
09/07/2016
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default

Description

We developed a Smart Cards based authentication of StrongSwan-IPsec-VPN peers.
This already works on pfSense 2.2.6 by replacing the Strongswan version, but this does not work any longer on pfSense 2.3.X.
The goal is using Smart Cards together with future pfSense versions. Therefore we need StrongSwan PKCS#11 support.

Adding PKCS#11 support needs to be added during compilation/making the binary.

It would help us a lot, if you put PKCS#11 support to StrongSwan within the next pfSense release.

Associated revisions

Revision 11f166d8 (diff)
Added by Renato Botelho over 1 year ago

Ticket #6775: Enable strongswan pkcs11 plugin

History

#1 Updated by Jim Thompson over 4 years ago

  • Assignee set to Renato Botelho

https://wiki.strongswan.org/projects/strongswan/wiki/PKCS11plugin

no idea what this needs in the GUI, etc.

OP should contact me.

#2 Updated by Renato Botelho over 3 years ago

  • Target version changed from 2.4.0 to 2.4.1

#3 Updated by Jim Pingle over 3 years ago

  • Target version changed from 2.4.1 to 2.4.2

#4 Updated by Jim Pingle over 3 years ago

  • Target version changed from 2.4.2 to 2.4.3

#5 Updated by Jim Pingle about 3 years ago

  • Target version changed from 2.4.3 to 2.4.4

#6 Updated by Steve Beaver over 2 years ago

  • Target version changed from 2.4.4 to 48

#7 Updated by Jim Pingle about 2 years ago

  • Target version changed from 48 to 2.5.0

#8 Updated by Renato Botelho over 1 year ago

  • Status changed from New to Feedback

Plugin support was added to strongswan port on pfSense 2.5.0

I still don't know exactly what to do on GUI

#9 Updated by Viktor Gurov over 1 year ago

Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0.19.0.txz, pcsc-lite-1.8.24,2.txz + dependencies
HowTo: https://wiki.strongswan.org/projects/strongswan/wiki/SmartCards

Works

pfSense 2.5.0.a.20191024.0021

need GUI options to select ID of certificate on token + PIN
and testing with different tokens

tested with Aktiv Rutoken ECP

#10 Updated by Viktor Gurov over 1 year ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF