Re: [strongSwan] trying to configure strongswan to act like a windows7 client

Sun, 10 Jul 2011 04:46:44 -0700 


I'm connecting to a Cisco router  which query for the EAP identity

The router sends:
*Jul 10 11:44:01.237: IKEv2:(SA ID = 1):Building packet for encryption.  
Payload contents: 
 VID  Next payload: IDr, reserved: 0x0, length: 20
 IDr  Next payload: CERT, reserved: 0x0, length: 74
    Id type: DER ASN1 DN, Reserved: 0x0 0x0
 CERT  Next payload: AUTH, reserved: 0x0, length: 865
    Cert encoding X.509 Certificate - signature
 AUTH  Next payload: EAP, reserved: 0x0, length: 264
    Auth method RSA, reserved: 0x0, reserved 0x0
 EAP  Next payload: NONE, reserved: 0x0, length: 10
    Code: request: id: 59, length: 6
    Type: identity
 
and I get a NAK from the strongswan



Jul 10 13:32:26 ironmaiden charon: 13[IKE] authentication of 'CN=10.1.1.254, 
OU=TAC, O=Cisco, C=BE' with RSA signature successful
Jul 10 13:32:26 ironmaiden charon: 13[IKE] server requested EAP_IDENTITY, 
sending 'cisco'
Jul 10 13:32:26 ironmaiden charon: 13[IKE] EAP_IDENTITY not supported, sending 
EAP_NAK
Jul 10 13:32:26 ironmaiden charon: 13[IKE] reinitiating already active tasks
Jul 10 13:32:26 ironmaiden charon: 13[IKE]   IKE_AUTHENTICATE task
Jul 10 13:32:26 ironmaiden charon: 13[ENC] added payload of type 
EXTENSIBLE_AUTHENTICATION to message
Jul 10 13:32:26 ironmaiden charon: 13[ENC] added payload of type 
EXTENSIBLE_AUTHENTICATION to message
Jul 10 13:32:26 ironmaiden charon: 13[ENC] generating IKE_AUTH request 2 [ 
EAP/RES/NAK ]
Jul 10 13:32:26 ironmaiden charon: 13[ENC] insert payload 
EXTENSIBLE_AUTHENTICATION to encryption payload


conn cisco
        left=10.1.1.1
        right=10.1.1.254
        keyexchange=ikev2
        ike=3des-sha1-modp1024
        esp=aes-sha1
        leftauth=eap-mschapv2
        leftid=10.1.1.1
        eap_identity=cisco
        rightsubnet=0.0.0.0/0
        auto=start
        mobike=no



This config works well with a true windows7 client.... Why EAP-Identity is not 
supported?


From: [email protected]
To: [email protected]
Date: Sun, 10 Jul 2011 13:06:11 +0200
Subject: Re: [strongSwan] trying to configure strongswan to act like a  
windows7 client








Ok I think I've found it

http://www.strongswan.org/uml/testresults/ikev2/rw-eap-mschapv2-id-rsa/index.html

Let me play a bit



From: [email protected]
To: [email protected]
Subject: trying to configure strongswan to act like a windows7 client
Date: Sun, 10 Jul 2011 11:57:57 +0200








Hello,


I would like to emulate a windows7 ikev2 client by using strongswan. Does 
anyone have an idea?

Cheers,
                                                                                
  

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users                             
          
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to