[strongSwan-dev] EAP-MD5
Aaron Zhang
azhang at SonicWALL.com
Tue Mar 9 08:53:26 CET 2010
Hi All,
I want to use StrongSwan as a client to set up a VPN tunnel with another device, and I configured the authentication mode as EAP_MD5. However, I ran into some problems. My configuration file is as follows:
conn test
    leftauth=eap
    eap_identity=aaron
    rightauth=psk
    keyexchange=ikev2
    left=x.x.x.x
    leftsourceip=%config
    right=y.y.y.y
    rightsubnet=192.168.168.0/24
    auto=add
My ipsec.secrets is as follows:
x.x.x.x y.y.y.y : PSK "123456"
aaron : EAP "password"
I have also enabled the eap plugin in strongswan.conf.
But I captured the packets and found that strongSwan sends an EAP response payload to the peer with only 22 octets, which does not include any information about the eap_identity. The RFC says:
A summary of the Challenge and Response packet format is shown below.
The fields are transmitted from left to right.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Code      |  Identifier   |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Value-Size   |  Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
I cannot see the Name field in the packet. Is there any problem?
thanks
-Aaron