Add option to configure client identity in NetworkManager plugin
charon-nm sends the certificate's DN as an identifier. In this case the dhcp plugin on the peer does not set a client hostname option in the dhcp request, i.e. dnsmasq doesn't set the hostname in its DNS database.
It would be very nice if charon/charon-nm could be improved in this case.
On ios or MacOS the client uses the FQDN (configured in a profile) as an identifier, the dhcp plug sets the client hostname in the dhcp request, and dnsmasq registers the hostname in DNS.
Merge commit 'nm-client-id'
Makes the client's IKE identity configurable in the NM GUI. For PSK
authentication the identity is now configured via that new field
and not the username anymore (old configs still work and are migrated
when edited). The client identity now also defaults to the IP address
if not configured when using EAP/PSK.
#1 Updated by Tobias Brunner over 2 years ago
- Status changed from New to Feedback
I'm not sure if the title is correct, as this is more of a charon-nm than a dhcp plugin issue (e.g. add a client ID selector like we provide in the Android app). But you sure could also hack something into the dhcp plugin if really wanted to forward a hostname (e.g. get the client's certificate and search for a FQDN in the SANs).
#3 Updated by Tobias Brunner 5 months ago
- Subject changed from dhcp plugin: please support client hostname option for peers running charon-nm to Add option to configure client identity in NetworkManager plugin
- Category set to networkmanager (charon-nm)
- Target version set to 5.8.3
I pushed some changes to the 2581-nm-client-id branch, which allow configuring a specific client identity (e.g. a subjectAltName instead of the subject DN, which is used by default for certificates).