Tero assigned the Eerly Code Points for the PPK values. Thanks!
We have updated our code to use these, so if you are doing interop testing with vpn-ppk-nohats.ca, use the new allocations: 16435 USE_PPK [draft-ietf-ipsecme-qr-ikev2] 16436 PPK_IDENTITY [draft-ietf-ipsecme-qr-ikev2] 16437 NO_PPK_AUTH [draft-ietf-ipsecme-qr-ikev2] If you want to test certificate (RSA) based authentication using PPK, let me know and I can give you a PKCS#12 to do PPK with RSA. Paul ---------- Forwarded message ---------- Date: Thu, 11 Jan 2018 00:58:45 From: Paul Wouters <p...@nohats.ca> Cc: 'Vukasin Karadzic' <vukasin.karad...@gmail.com> To: Valery Smyslov <s...@elvis.ru> Subject: vpn-ppk.nohats.ca upgraded to draft-ietf-ipsecme-qr-ikev2-01 It uses the same information as before: server: vpn-ppk.nohats.ca server id ID_FQDN: vpn-ppk.nohats.ca local id (group id): GroupPPK1 PSK: SecretPSK PPK ID: PPKID1 PPK: NotQuantumSafe Please test with the correct PPK ID and the wrong PPK ID (for NO_PPK_AUTH) Currently, our initiator code seems to have a bug in the NO_PPK_AUTH case where it ends up with a different SKEYSEED. We are still investigating. If the draft has no bug, and your client has no bug, then the NO_PPK_AUTH should work for you :) Paul _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec