From the code it looks like the identity set using AUTH_RULE_EAP_IDENTITY is used only in the EAP Identity rounds. This identity is not being used for the id check in the API find_private_key in tls_peer.c.

Thanks,
Ravikanth

On Tue, Oct 11, 2016 at 12:09 PM, Ravi Kanth Vanapalli <vvnrk.vanapa...@gmail.com> wrote:

> Dear Andreas,
> Looks like my issue is not solved yet.
> I have modified the identity with the statement below
> (1) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id2);
>
> But still EAP-TLS is looking for the identity set with
>
> 1) auth->add(auth, AUTH_RULE_IDENTITY, id1);
>
> Can you please help me with this issue.
>
> Thanks,
> Ravikanth
>
> On Tue, Oct 11, 2016 at 12:02 PM, Ravi Kanth Vanapalli <vvnrk.vanapa...@gmail.com> wrote:
>
>> Dear Andreas,
>> Thank you for your valuable inputs. My issue is solved now.
>>
>> Thanks,
>> Ravikanth
>>
>> On Tue, Oct 11, 2016 at 8:47 AM, Andreas Steffen <andreas.stef...@strongswan.org> wrote:
>>
>>> aaa_identity is used by an EAP client to verify the identity
>>> in the TLS server certificate if it is different from the IKEv2
>>> server certificate.
>>>
>>> Regards
>>>
>>> Andreas
>>>
>>> On 11.10.2016 13:36, Ravi Kanth Vanapalli wrote:
>>> > Adding option (3) here.
>>> >
>>> > 3) auth->add(auth, AUTH_RULE_AAA_IDENTITY, id)
>>> >
>>> > Which of the following identities (1), 2 or 3 is used to fetch the
>>> > private key in EAP_TLS authentication.
>>> >
>>> > On Tue, Oct 11, 2016 at 7:28 AM, Ravi Kanth Vanapalli
>>> > <vvnrk.vanapa...@gmail.com> wrote:
>>> >
>>> > Sure Andreas. Thank you for this valuable input. I will give a try.
>>> >
>>> > Could you please confirm the difference between 1 and 2 below
>>> >
>>> > 1) auth->add(auth, AUTH_RULE_IDENTITY, id);
>>> > 2) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id);
>>> >
>>> > My understanding is that (1) is used to fill the IDi in the first
>>> > IKE_AUTH message.
>>> > Second one is used for identity verification in EAP methods, e.g.
>>> > EAP-TLS uses identity added in AUTH_RULE_EAP_IDENTITY for fetching
>>> > the private certificate.
>>> > (1) and (2) can be different.
>>> >
>>> > Kindly confirm that my understanding is correct.
>>> >
>>> > Thanks,
>>> > Ravikanth
>>> >
>>> > On Tue, Oct 11, 2016 at 3:54 AM, Andreas Steffen
>>> > <andreas.stef...@strongswan.org> wrote:
>>> >
>>> > Hi Ravi,
>>> >
>>> > why don't you use the eap_identity parameter?
>>> >
>>> > Regards
>>> >
>>> > Andreas
>>> >
>>> > On 10.10.2016 22:13, Ravi Kanth Vanapalli wrote:
>>> > > Hi all,
>>> > >
>>> > > I have a situation wherein I need to alter the IDi slightly before the
>>> > > EAP-TLS authentication proceeds. I.e. IDi in the first IKE_AUTH message
>>> > > should be different to IDi to be used for user private key lookup in the
>>> > > EAP-TLS user authentication.
>>> > >
>>> > > I see that the API 'eap_tls_create_peer' is being used, to initialize
>>> > > the peer identity in TLS plugin.
>>> > > This is being registered with plugin eap_tls_plugin.c
>>> > >
>>> > > I am finding it difficult to know which module calls this API
>>> > > eap_tls_create_peer to initialize EAP TLS peer identity.
>>> > >
>>> > > Kindly provide any inputs regarding my issue.
>>> > >
>>> > > Thank you very much.
>>> > >
>>> > > --
>>> > > Regards,
>>> > > RaviKanth
>>>
>>> --
>>> ======================================================================
>>> Andreas Steffen                         andreas.stef...@strongswan.org
>>> strongSwan - the Open Source VPN Solution!          www.strongswan.org
>>> Institute for Internet Technologies and Applications
>>> University of Applied Sciences Rapperswil
>>> CH-8640 Rapperswil (Switzerland)
>>> ===========================================================[ITA-HSR]==

--
Regards,

RaviKanth VN Vanapalli
Ph: (469) 999 7567
Email: vvnrk.vanapa...@gmail.com
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users