<div dir="ltr">Sure Andreas. Thank you for this valuable input. I will give a try.<div><br></div><div>Could you please confirm the difference between 1 and 2 below</div><div><br></div><div><span class="gmail-Apple-tab-span" style="white-space:pre">1) </span>auth->add(auth, AUTH_RULE_IDENTITY, id);<br></div><div>2) auth->add(auth, AUTH_RULE_EAP_IDENTITY, id);</div><div><br></div><div>My understanding is that (1) is used to fill the IDi in the first IKE_AUTH message.</div><div>Second one is used for Identitiy verification in EAP methods. eg. EAP-TLS uses identity added in AUTH_RULE_EAP_IDENTITY for fetching the private certificate.</div><div>(1) and (2) can be different.</div><div><br></div><div>Kindly confirm that my understanding is correct.</div><div><br></div><div>Thanks,</div><div>Ravikanth</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 11, 2016 at 3:54 AM, Andreas Steffen <span dir="ltr"><<a href="mailto:andreas.steffen@strongswan.org" target="_blank">andreas.steffen@strongswan.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Ravi,<br>
<br>
why don't you use the eap_identity parameter?<br>
<br>
Regards<br>
<br>
Andreas<br>
<div><div class="h5"><br>
On 10.10.2016 22:13, Ravi Kanth Vanapalli wrote:<br>
> Hi all,<br>
><br>
> I have a situation wherein I need to alter the IDi slightly before the<br>
> EAP-TLS authentication proceeds. I.e IDi in the first IKE_AUTH message<br>
> should be different to IDi to be used for user private key lookup in the<br>
> EAP-TLS user authentication.<br>
><br>
> I see that the API 'eap_tls_create_peer' is being used, to initialize<br>
> the peer identitiy in TLSplugin.<br>
> This is being registered with plugin eap_tls_plugin.c<br>
><br>
> I am finding it difficult to know which module calls this API<br>
> eap_tls_create_peer to initialize EAP TLS peer identity.<br>
><br>
> Kindly provide any inputs regarding my issue.<br>
><br>
> Thank you very much.<br>
><br>
> --<br>
> Regards,<br>
> RaviKanth<br>
<br>
</div></div>==============================<wbr>==============================<wbr>==========<br>
Andreas Steffen <a href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br>
strongSwan - the Open Source VPN Solution! <a href="http://www.strongswan.org" rel="noreferrer" target="_blank">www.strongswan.org</a><br>
Institute for Internet Technologies and Applications<br>
University of Applied Sciences Rapperswil<br>
CH-8640 Rapperswil (Switzerland)<br>
==============================<wbr>=============================[<wbr>ITA-HSR]==<br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><font color="#666666">Regards,</font></div>
<div><br><font color="#666666">RaviKanth VN Vanapalli</font></div><div><font color="#666666">Ph: (469) 999 7567</font></div>
<div><font color="#666666">Email: </font><a href="mailto:vvnrk.vanapalli@gmail.com" target="_blank"><font color="#666666">vvnrk.vanapalli@gmail.com</font></a></div></div></div>
</div>