> Hi Martin > >>> The authorize hook is called before the auth config is applied to the >>> current IKE SA. >> >> This is intended. apply_auth_cfg() copies the currently active >> authentication round to the list of completed authentication rounds. >> >> In your authorize hook, you can use ike_sa_t.get_auth_cfg() to get the >> current authentication round data; after apply_auth_cfg() that object >> is placed into the rounds completed. You can enumerate all completed >> rounds using ike_sa_t.create_auth_cfg_enumerator(). >> > > Thanks for your answer. > It seems to work fine using IKEv2 with PSK and PKI configs. > > However, it does not seem to work the same way with IKEv1 configs. > During the hook, there is no active authentication round data, but it is set > in > the list of completed rounds. > > Is that a normal behavior? > > Regards,
No thoughts on this? Emeric
