13.07.2015 Views

Using StrongSwan with smart cards Introduction Prerequisites


Installing strongSwan with smartcard support

Installing from binaries

In Debian-based systems, strongSwan is compiled with smartcard support. To install strongSwan, type as root:

    $ apt-get install strongswan ipsec

Display the ipsec version by typing this command:

    $ ipsec version
    Linux strongSwan U4.3.2/K2.6.32-trunk-amd64
    Institute for Internet Technologies and Applications
    University of Applied Sciences Rapperswil, Switzerland
    See 'ipsec --copyright' for copyright information.

Our station is running strongSwan 4.3.2 on GNU/Linux kernel 2.6.32.

Installing from sources

If your distribution does not offer strongSwan with smartcards, you may need to compile strongSwan [1] from sources:

    $ ./configure < add your options there > --enable-pluto --enable-smartcard
    $ make
    $ sudo make install

A more complex configuration line would be:

    $ ./configure --enable-pluto --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib \
        --enable-openssl \
        --enable-nm \
        --enable-agent \
        --enable-gcrypt \
        --enable-integrity-test \
        --enable-openssl \
        --enable-eap-gtc --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-identity \
        --enable-smartcard
    $ make
    $ sudo make install

Configuring gateway Moon

At first, we set up the gateway Moon using a traditional X.509 certificate.

Edit /etc/ipsec.conf

    # /etc/ipsec.conf - strongSwan IPsec configuration file
    config setup
        crlcheckinterval=180
        strictcrlpolicy=no

Copyright GOOZE 2010-2011 http://www.gooze.eu
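The two config setup values shown for gateway Moon control how certificate revocation is enforced, which is how a lost or retired card's certificate gets rejected. The following is an added example, not code from the original document or from the strongSwan project: a small parser for the ipsec.conf section layout that reports the CRL handling it finds. The STRICT variant and the function names are assumptions made for illustration.

```python
# Added example: constructed inputs, not the page's or strongSwan's own code.
WEAK = """\
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
    crlcheckinterval=180
    strictcrlpolicy=no
"""
# Hypothetical stricter variant of the same section, for comparison.
STRICT = WEAK.replace("strictcrlpolicy=no", "strictcrlpolicy=yes")


def parse_ipsec_conf(text):
    """Parse ipsec.conf text into {(section_type, name): {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if not raw[0].isspace():          # section headers start in column 0
            parts = raw.split()
            known = parts[0] in ("config", "conn", "ca") and len(parts) == 2
            current = sections.setdefault(tuple(parts), {}) if known else None
        elif current is not None and "=" in raw:
            key, value = raw.split("=", 1)   # parameters are indented key=value
            current[key.strip()] = value.strip().strip('"')
    return sections


def audit_revocation(sections):
    """Return findings about CRL handling in the 'config setup' section."""
    setup = sections.get(("config", "setup"), {})
    findings = []
    policy = setup.get("strictcrlpolicy", "no")    # unset means "no"
    if policy == "no":
        findings.append("strictcrlpolicy=no: peers authenticate even when "
                        "no fresh CRL is available")
    elif policy == "ifuri":
        findings.append("strictcrlpolicy=ifuri: behaves like 'no' when "
                        "no CRL URI is known")
    interval = setup.get("crlcheckinterval", "0")  # unset means 0
    if interval == "0":
        findings.append("crlcheckinterval=0: CRL fetching is disabled")
    return findings


if __name__ == "__main__":
    for label, conf in (("page fragment", WEAK), ("strict variant", STRICT)):
        print(label, "->", audit_revocation(parse_ipsec_conf(conf)) or "ok")
```

With strictcrlpolicy=yes the gateway refuses peers whenever it cannot obtain a fresh CRL, so the CRL distribution point has to be reachable from Moon before that setting is switched on.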
