<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello all,<br>
<br>
I wonder if anyone out there can point me in the right direction.<br>
I'm looking to use strongSwan as an ePDG in an IMS network.<br>
<br>
The IMS client (Android) is sending:<br>
<br>
<tt> IKE_AUTH request 1 [ IDi IDr CP(ADDR6 DNS6 (16390)) SA TSi TSr
N(HTTP_CERT_LOOK) N(EAP_ONLY) N(INIT_CONTACT) N(NON_FIRST_FRAG) ]</tt><br>
<br>
The IDr attribute in the IKE_AUTH is:<br>
<b>ID Type: KEY_ID (0x0b)</b><br>
Protocol ID: unused (0x00)<br>
Port: unused (0x00)<br>
Identification Data: (0x69, 0x6d, 0x73 = 'ims')<br>
<br>
strongSwan responds:<br>
<br>
<tt>charon: 02[CFG] looking for peer configs matching
10.0.2.60[ims]...X.X.X.X[0<IMSI>@nai.epc.mncXXX.mccXXX.3gppnetwork.org]</tt><tt><br>
</tt><tt>charon: 02[CFG] peer config match local: 0 (ID_KEY_ID ->
69:6d:73)</tt><tt><br>
</tt><tt>charon: 02[CFG] peer config match remote: 19
(ID_RFC822_ADDR -> xxxxxxx)</tt><tt><br>
</tt><tt>charon: 02[CFG] ike config match: 2 (10.0.2.60 X.X.X.X)</tt><tt><br>
</tt><tt>charon: 02[CFG] no matching peer config found</tt><tt><br>
</tt><tt>charon: 02[ENC] generating IKE_AUTH response 1 [
N(AUTH_FAILED) ]</tt><br>
<br>
I think this is because of the ID Type.<br>
<br>
I've configured leftid=@#69:6d:73<br>
<br>
But when I restart strongSwan I see this in the logs:<br>
<br>
<tt>May 9 20:49:54 ip-10-0-0-75 charon: 12[CFG] id 'ims' not
confirmed by certificate, defaulting to 'CN=ims, N=ims'<br>
<br>
<br>
</tt>The certificate has a subjectAltName= DNS:ims and a
CN=ims/name=ims.<br>
<br>
Does anyone know if its possible to get strongSwan to match the IDr
when the type is KEY_ID?<br>
<br>
Thanks in advance<br>
Alan <br>
<br>
<br>
<br>
<br>
<br>
<br>
</body>
</html>