Hi All,
I want to use StrongSwan as a client to set up VPN tunnel with other device.
And I configure the authentication mode as EAP_MD5. However, I met some
problems. My configuration file is as follows:
conn test
leftauth=eap
eap_identity=aaron
rightauth=psk
keyexchange=ikev2
left=x.x.x.x
leftsourceip=%config
right=y.y.y.y
rightsubnet=192.168.168.0/24
auto=add
My ipsec.secrets is as follows:
x.x.x.x y.y.y.y : PSK "123456"
aaron : EAP "password"
And also I enable the eap plugin in strongswan.conf
But I capture the packet and found that strongswan send a eap response payload
to peer only with 22 octets which does not include any information about the
eap_identity. Refer to the RFC that says :
A summary of the Challenge and Response packet format is shown below.
The fields are transmitted from left to right.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value-Size | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
I can not see the field Name in the packet. Is there any problem?
thanks
-Aaron
<<inline: image001.gif>>
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
