On Mon, Oct 22, 2012 at 5:02 PM, Tobias Brunner <[email protected]> wrote:
> Hi,
>
>>>> Is there a configuration setting I can do to "clobber" (kick off) any
>>>> existing sessions from the same client certificate (based on CN). I
>>>> thought that might be "uniqueids" but based on the above it seems not.
>>>
>>> Yes, uniqueids is the right option but you will have to use different
>>> XAuth credentials for each client.
>>
>> If I were to use rsasig rather than xauthrsasig then does the "DN" of
>> the client certificate become the key for uniqueness checks?
>
> Yes.
>
>> I'm wondering if IOS devices will allow rsasig over xauthrsasig.
>
> As far as I know, they don't.

That being the case ... if I wanted to still use xauthrsasig would it be feasible for me to patch strongswan (5.0.1) to use the "DN" of the client cert as the uniqueness check without much effort? Can you give any pointers to accomplish this?

Thanks.
