Hi,

How does one set both leftauth=pubkey and rightauth=pubkey using sql?

The peer_configs table [0] is the only place I see something close. The table has "auth_method", which defaults to 1. According to [1] this is AUTH_CLASS_PUBKEY.

The problem is that ipsec statusall shows the remote as using any authentication, not public key authentication.



[root@thing0 strongswan-5.3.1]# /usr/local/sbin/ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.19.8-100.fc20.x86_64, x86_64):
  uptime: 94 minutes, since Jun 03 12:16:00 2015
  malloc: sbrk 2547712, mmap 0, used 490832, free 2056880
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 15
  loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac mysql attr kernel-netlink resolve socket-default stroke sql updown xauth-generic
Listening IP addresses:
  68.128.155.106
Connections:
       node0:  68.128.155.106...68.128.155.242  IKEv2, dpddelay=120s
       node0:   local:  [sql.example.com] uses public key authentication
       node0:   remote: [conf.example.com] uses any authentication
       node0:   child:  68.128.155.106/32 === 68.128.155.242/32 TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
  none
[root@thing0 strongswan-5.3.1]#


Using ipsec.conf instead of sql shows both local and remote set to use public key authentication.

As a follow-up, I'd be curious how to specify RFC 7427 hash algorithms in sql, if this is even possible.

Thanks,
MikeC


[0] https://wiki.strongswan.org/projects/strongswan/repository/entry/src/pool/sqlite.sql
[1] https://wiki.strongswan.org/projects/strongswan/wiki/SQLite


_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users