Hello Tobias,
> > 5. Even better, can I use a single conn section to match all users,
> > no matter their operating system, and enforce that they send their
> > client identifier to the DHCP server the same way?
>
> Have a look at [1] for my suggestion to Harald (who had a similar
> ques
Hi Micah,
> 1. Can I configure the strongSwan server to force the clients to send
> the FQDNs as identities?
No, that's a local decision.
> 2. Alternatively, can I generate certificates differently to force the
> clients to send the FQDNs as identities?
Not that I'm aware.
> 3. Am I
Hello Tobias,
> A MAC address is 48 bits, so the 32 bits after the first two bytes
> are taken from the 64-bit SipHash-2-4 value (just by casting to an
> uint32_t) which is then run through htonl() and copied to the address
> buffer. To calculate the value the 128-bit key
> 0x0001020304050607080
Hi Micah,
> However, I became confused here, because the MAC address I am seeing on my
> DHCP server is 7a:a7:bc:8b:b5:ec. After the hardcoded 0x7A and 0xA7 bytes,
> there are only four bytes, but the SipHash-2-4 documentation I'm reading, as
> well as the commit message for commit
> 1255de5a2
Hello,
I am trying to configure my DHCP server to provide a domain name for each
connected strongSwan client. To do that, I need to know the MAC address before
the client connects, so that I can configure the DHCP server to assign it the
correct IP address that corresponds to its DNS entry.
I