
#1 2018-10-03 08:20:54

LordChaos73
Member
From: .nl
Registered: 2008-11-11
Posts: 183

Strongswan + NetworkManager + smartcard authentication

Hi,

I'm trying to connect to my corporate VPN using StrongSwan, StrongSwan-nm & smartcard authentication. By the way, the smartcard is fully configured and works fine on macOS, for instance.

First, I compiled libgtop11dotnet so that I was able to read the contents off the smartcard. This seems to work fine.
Then I configured StrongSwan to use this pkcs11 module by editing /etc/strongswan.d/charon/pkcs11.conf:

    # List of available PKCS#11 modules.
    modules {
        gemalto {
            # Whether to automatically load certificates from tokens.
            # load_certs = yes
            load_certs = yes

            # Whether OS locking should be enabled for this module.
            # os_locking = no
            os_locking = yes

            # Full path to the shared object file of this PKCS#11 module.
            # path =
            path = /usr/lib/pkcs11/libgtop11dotnet.so
        }
    }

Then I created the VPN connection in NetworkManager but when I try to connect I get this error:

VPN connection: failed to connect: 'no usable smartcard certificate found

I've set the StrongSwan NetworkManager connection to smartcard authentication, I've entered the PIN and filled out all other necessary details.

Am I overlooking something here?
