I was using the Gemalto SafeNet eToken 5110 for my StrongSwan RoadWarrior authentication against my IPSEC Gateway (BinTEC RS123W). It works fine with Gemalto PKCS#11 module "libeToken.so.9.0.43" coming with SafeNet Authentication Client 9.0.43.
But now, using SafeNet Authentication Client 10.7.77, the module produces a "MECHANISM_INVALID" error, denying any approach to connect.
Here is the swanctl.conf:
```
connections {
    {
        unique=replace
        aggressive=no
        version=2
        send_cert=always
        proposals=aes256-sha256-modp2048
        rekey_time=230m
        over_time=10m
        keyingtries=3
        vips=192.168.221.1
        remote_addrs=
        pools=remote_pool
        local {
            auth=pubkey
            cert {
                slot=0
                handle=<ID taken out of pkcs11-tool --module /usr/lib64/libeToken.so.10.7.77 -O >
            }
        }
        remote {
            auth=pubkey
            id="CN="
            cacerts=<pathToMyCAcert.pem>
        }
        children {
            vp202_sa1 {
                start_action=start
                close_action=start
                mode=tunnel
                updown=
                mark_in=42
                mark_out=42
                esp_proposals=aes256-sha256-modp2048
                life_time=120m
                rekey_time=108m
                local_ts=192.168.221.1/32
                remote_ts=192.168.202.0/24
                dpd_action=restart
            }
        }
    }
}
pools {
    remote_pool {
        addrs=192.168.202.0/24
    }
}
secrets {
    token {
        slot=0
        handle=<ID taken out of pkcs11-tool --module /usr/lib64/libeToken.so.10.7.77 -O >
        pin=<myTokenPassword>
    }
}
```