<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta name="x_Generator" content="Microsoft Word 15 (filtered medium)">
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif}
a:x_link, span.x_MsoHyperlink
{color:blue;
text-decoration:underline}
a:x_visited, span.x_MsoHyperlinkFollowed
{color:#954F72;
text-decoration:underline}
.x_MsoChpDefault
{}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.x_WordSection1
{}
-->
</style>
<div lang="EN-US" link="blue" vlink="#954F72">
<div class="x_WordSection1">
<p class="x_MsoNormal">Tobias, Thank you! Indeed your suggested workaround to delete the dots in section names fixed the issue.
</p>
<p class="x_MsoNormal"> </p>
<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">
<p class="x_MsoNormal" style="border:none; padding:0in"><b>From: </b><a href="mailto:tobias@strongswan.org">Tobias Brunner</a><br>
<b>Sent: </b>Thursday, November 30, 2017 8:49 AM<br>
<b>To: </b><a href="mailto:bls3427@outlook.com">bls s</a>; <a href="mailto:noel.kuntze+strongswan-users-ml@thermi.consulting">
Noel Kuntze</a>; <a href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a><br>
<b>Subject: </b>Re: [strongSwan] swanctl.conf EAP credential information</p>
</div>
<p class="x_MsoNormal"> </p>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Hi,<br>
<br>
The problem are the dots in the section names of your EAP secrets. For<br>
instance:<br>
<br>
eap-user1@mydomain.com {<br>
id = user1@mydomain.com<br>
secret=secret1<br>
}<br>
<br>
When enumerating the id... keys in these sections the current section<br>
name was written to a string buffer instead of using the parameter<br>
evaluation provided by settings_t. All dots in strings are interpreted<br>
as section separators so the dot there caused a lookup of the section:<br>
<br>
eap-user1@mydomain {<br>
com {<br>
...<br>
}<br>
}<br>
<br>
But since that doesn't exist no id... key was found in this section and<br>
the secrets were not associated with any identities:<br>
<br>
> Wed, 2017-11-29 10:59 07[CFG] vici client 1 requests: load-shared<br>
> Wed, 2017-11-29 10:59 07[CFG] loaded EAP shared key with id 'eap-bls@mydomain.net' for: '%any'<br>
<br>
This basically caused the first of these secrets to get used for all<br>
clients.<br>
<br>
I pushed a fix to the swanctl-enumerate-kv branch (for connections and<br>
their subsections dots still can't be used, though).<br>
<br>
As a workaround don't use any dots in these section names.<br>
<br>
Regards,<br>
Tobias<br>
</div>
</span></font>
</body>
</html>