Hi all,
 
I am trying to achieve a simple fix for an issue I am facing, mentioned in
https://lists.strongswan.org/pipermail/users/2012-April/007504.html
 
It's my understanding that in IKEv1 the peer ID is checked, but in my scenario
there is no way of knowing the peer's ID and hence the issue is seen here.
Therefore I am trying to get a workaround such that the peer ID check can be
skipped.
 
Is this a possible solution?
 
I have a patch; the attached document contains the difference of the change I
have tried, but I am still receiving an INVALID_ID_INFORMATION error message.
 
Any help with this workaround is highly appreciated.
 
Thanks & Regards,
Vinay
 
--- ...\strongswan-4.6.2\strongswan-4.6.2\src\pluto\ipsec_doi.c 2011-11-07 
22:27:07.000000000 +-0530
+++ ...\strongswan-4.6.2\strongswan-4.6.2\src\pluto\ipsec_doi.c 2012-05-21 
12:19:03.000000000 +-0530
@@ -2426,13 +2426,13 @@
 
                if (!peer->equals(peer, c->spd.that.id))
                {
                        loglog(RC_LOG_SERIOUS,
                                        "we require peer to have ID '%Y', but 
peer declares '%Y'",
                                        c->spd.that.id, peer);
-                       return FALSE;
+                       /*return FALSE;*/
                }
 
                if (c->spd.that.ca)
                {
                        DBG(DBG_CONTROL,
                                DBG_log("required CA:  \"%s\"", c->spd.that.ca);
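
Review bot: With "return FALSE" commented out in the !peer->equals(peer, c->spd.that.id) branch, a peer whose declared ID differs from c->spd.that.id is logged at RC_LOG_SERIOUS and then accepted anyway, for every connection that reaches this code and not only the one where the peer's ID is unknown. Execution simply continues into the c->spd.that.ca block below, so the CA constraint, when one is configured, is the only remaining restriction on who the peer may claim to be. Keep the return and skip the comparison only under an explicit per-connection condition, so that connections with a specific ID still reject a mismatch. Also, the retained message "we require peer to have ID ..." no longer describes what happens once the failure is ignored, and the dead statement should be deleted rather than left as a comment.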



--- ...\strongswan-4.6.2\strongswan-4.6.2\src\pluto\connections.c       
2011-11-07 22:27:07.000000000 +-0530
+++ ...\strongswan-4.6.2\strongswan-4.6.2\src\pluto\connections.c       
2012-05-21 12:19:15.000000000 +-0530
@@ -3418,13 +3418,14 @@
                for (; d != NULL; d = d->hp_next)
                {
                        const char *match_name[] = {"no", "ok"};
 
                        id_match_t match_level = peer_id->matches(peer_id, 
d->spd.that.id);
 
-                       bool matching_id = match_level > ID_MATCH_NONE;
+                       /*bool matching_id = match_level > ID_MATCH_NONE;*/
+                       bool matching_id = TRUE;
 
                        bool matching_auth = (d->policy & auth_policy) != 
LEMPTY;
 
                        bool matching_trust = trusted_ca(peer_ca
                                                                                
, d->spd.that.ca, &peer_pathlen);
                        bool matching_request = 
match_requested_ca(c->requested_ca
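
Review bot: Hard-coding "bool matching_id = TRUE;" makes every candidate d in the hp_next loop count as an ID match, so the peer_id->matches(peer_id, d->spd.that.id) result in match_level no longer influences that flag and selection rests on matching_auth, matching_trust and matching_request alone. A peer can then be paired with a connection configured for a different identity. Keep "match_level > ID_MATCH_NONE" and express the "any peer ID" case as a condition on the individual connection d, so the relaxation applies only where it is intended. The commented-out original line should be removed instead of kept beside its replacement.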
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
