Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Andreas Steffen
Hi Ravi, why don't you use the eap_identity parameter? Regards Andreas On 10.10.2016 22:13, Ravi Kanth Vanapalli wrote: > Hi all, > > I have a situation wherein I need to alter the IDi slightly before the > EAP-TLS authentication proceeds. I.e. IDi in the first IKE_AUTH message > should be diff

Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Ravi Kanth Vanapalli
Sure Andreas. Thank you for this valuable input. I will give it a try. Could you please confirm the difference between 1 and 2 below? 1) auth->add(auth, AUTH_RULE_IDENTITY, id); 2) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id); My understanding is that (1) is used to fill the IDi in the first IKE_

Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Ravi Kanth Vanapalli
Adding option (3) here. 3) auth->add(auth, AUTH_RULE_AAA_IDENTITY, id) Which of the following identities, (1), (2) or (3), is used to fetch the private key in EAP_TLS authentication? On Tue, Oct 11, 2016 at 7:28 AM, Ravi Kanth Vanapalli < vvnrk.vanapa...@gmail.com> wrote: > Sure Andreas. Thank you for

Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Andreas Steffen
Hi Ravi, yes, your understanding is correct. Regards Andreas On 11.10.2016 13:28, Ravi Kanth Vanapalli wrote: > Sure Andreas. Thank you for this valuable input. I will give it a try. > > Could you please confirm the difference between 1 and 2 below > > 1) auth->add(auth, AUTH_RULE_IDENTITY, id);

Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Andreas Steffen
aaa_identity is used by an EAP client to verify the identity in the TLS server certificate if it is different from the IKEv2 server certificate. Regards Andreas On 11.10.2016 13:36, Ravi Kanth Vanapalli wrote: > Adding option (3) here. > > 3) auth->add(auth, AUTH_RULE_AAA_IDENTITY, id) > > Whi

Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Ravi Kanth Vanapalli
Dear Andreas, Thank you for your valuable inputs. My issue is solved now. Thanks, Ravikanth On Tue, Oct 11, 2016 at 8:47 AM, Andreas Steffen < andreas.stef...@strongswan.org> wrote: > aaa_identity is used by an EAP client to verify the identity > in the TLS server certificate if it is differen

Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Ravi Kanth Vanapalli
Dear Andreas, Looks like my issue is not solved yet. I have modified the identity with the statement below (1) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id2); But still EAP-TLS is looking for the identity set with 1) auth->add(auth, AUTH_RULE_IDENTITY, id1); Can you please help me with this issue?

Re: [strongSwan] initializing EAP TLS peer with a different IDi than the IDi used in the first IKE AUTH message

2016-10-11 Thread Ravi Kanth Vanapalli
From the code it looks like the identity set using AUTH_RULE_EAP_IDENTITY is used only in the EAP Identity rounds. This identity is not being used for the id check in API find_private_key in tls_peer.c Thanks, Ravikanth On Tue, Oct 11, 2016 at 12:09 PM, Ravi Kanth Vanapalli < vvnrk.vanapa...@gmail.com

[strongSwan] Strongswan AUTH payload signature hash algorithm for certificate based authentication

2016-10-11 Thread Kalyani Garigipati (kagarigi)
Hi, I am trying to bring up an ikev2 sa between strongswan and a cisco router. The authentication method used is certificates and the prf algorithm is SHA256. · I wanted to know what is the hash algorithm that is used while generating the signature in the AUTH payload for strongswan. Is it SHA1 or S

Re: [strongSwan] Strongswan AUTH payload signature hash algorithm for certificate based authentication

2016-10-11 Thread Andreas Steffen
Hi Kalyani, compliant with RFC 5996, strongSwan generates the RSA public key signature embedded in the AUTH payload with a SHA1 hash independent of the HASH and PRF algorithm selected for IKEv2. In addition to this legacy mechanism, strongSwan supports RFC 7427 "Signature Authentication in IKEv2