Project

General

Profile

Actions

Feature #6775

closed

Strongswan PKCS#11 Support

Added by Anonymous about 5 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Category:
IPsec
Target version:
Start date:
09/07/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

We developed a Smart Cards based authentication of StrongSwan-IPsec-VPN peers.
This already works on pfSense 2.2.6 by replacing the Strongswan version, but this does not work any longer on pfSense 2.3.X.
The goal is using Smart Cards together with future pfSense versions. Therefore we need StrongSwan PKCS#11 support.

Adding PKCS#11 support needs to be added during compilation/making the binary.

It would help us a lot, if you put PKCS#11 support to StrongSwan within the next pfSense release.

Actions #1

Updated by Jim Thompson almost 5 years ago

  • Assignee set to Renato Botelho

https://wiki.strongswan.org/projects/strongswan/wiki/PKCS11plugin

no idea what this needs in the GUI, etc.

OP should contact me.

Actions #2

Updated by Renato Botelho about 4 years ago

  • Target version changed from 2.4.0 to 2.4.1
Actions #3

Updated by Jim Pingle about 4 years ago

  • Target version changed from 2.4.1 to 2.4.2
Actions #4

Updated by Jim Pingle almost 4 years ago

  • Target version changed from 2.4.2 to 2.4.3
Actions #5

Updated by Jim Pingle over 3 years ago

  • Target version changed from 2.4.3 to 2.4.4
Actions #6

Updated by Steve Beaver about 3 years ago

  • Target version changed from 2.4.4 to 48
Actions #7

Updated by Jim Pingle over 2 years ago

  • Target version changed from 48 to 2.5.0
Actions #8

Updated by Renato Botelho about 2 years ago

  • Status changed from New to Feedback

Plugin support was added to strongswan port on pfSense 2.5.0

I still don't know exactly what to do on GUI

Actions #9

Updated by Viktor Gurov almost 2 years ago

Tested, with editing of ipsec.secrets, ipsec.conf and charon.conf
+ installing packages: ccid-1.4.30.txz, opensc-0.19.0.txz, pcsc-lite-1.8.24,2.txz + dependencies
HowTo: https://wiki.strongswan.org/projects/strongswan/wiki/SmartCards

Works

pfSense 2.5.0.a.20191024.0021

need GUI options to select ID of certificate on token + PIN
and testing with different tokens

tested with Aktiv Rutoken ECP

Actions #10

Updated by Viktor Gurov almost 2 years ago

  • Status changed from Feedback to Closed
Actions

Also available in: Atom PDF