Feature #6775
closedStrongswan PKCS#11 Support
0%
Description
We developed a Smart Cards based authentication of StrongSwan-IPsec-VPN peers.
This already works on pfSense 2.2.6 by replacing the Strongswan version, but this does not work any longer on pfSense 2.3.X.
The goal is using Smart Cards together with future pfSense versions. Therefore we need StrongSwan PKCS#11 support.
Adding PKCS#11 support needs to be added during compilation/making the binary.
It would help us a lot, if you put PKCS#11 support to StrongSwan within the next pfSense release.
Updated by Jim Thompson about 8 years ago
- Assignee set to Renato Botelho
https://wiki.strongswan.org/projects/strongswan/wiki/PKCS11plugin
no idea what this needs in the GUI, etc.
OP should contact me.
Updated by Renato Botelho over 7 years ago
- Target version changed from 2.4.0 to 2.4.1
Updated by Jim Pingle about 7 years ago
- Target version changed from 2.4.1 to 2.4.2
Updated by Jim Pingle about 7 years ago
- Target version changed from 2.4.2 to 2.4.3
Updated by Jim Pingle almost 7 years ago
- Target version changed from 2.4.3 to 2.4.4
Updated by Jim Pingle almost 6 years ago
- Target version changed from 48 to 2.5.0
Updated by Renato Botelho over 5 years ago
- Status changed from New to Feedback
Plugin support was added to strongswan port on pfSense 2.5.0
I still don't know exactly what to do on GUI
Updated by Viktor Gurov about 5 years ago
Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0.19.0.txz, pcsc-lite-1.8.24,2.txz + dependencies
HowTo: https://wiki.strongswan.org/projects/strongswan/wiki/SmartCards
Works
pfSense 2.5.0.a.20191024.0021
need GUI options to select ID of certificate on token + PIN
and testing with different tokens
tested with Aktiv Rutoken ECP
Updated by Viktor Gurov almost 5 years ago
- Status changed from Feedback to Closed
Please see https://redmine.pfsense.org/issues/9878 for details