[strongSwan-dev] problem with local authentication method as NONE

Martin Willi martin at strongswan.org
Fri Jul 25 10:58:20 CEST 2014

Kindly asking to keep the discussion on the mailing list, thanks.

> GW is running on our own proprietary IPsec STACK. Regarding "returning
> AUTHENTICATION_FAILED", I think GW cannot do this, because this error
> code should be sent when the PEER authentication is failed, however
> here PEER authentication is perfectly alright.

And how is this issue related to strongSwan, then? This is the mailing
list of the strongSwan project.

If you allow allow "local authentication method is not configured" in
your implementation, it is up to your implementation how to handle that
case. If you think this is an IKEv2 standardization issue (which I
really don't think it is), you may ask at the IETF IPsec mailing list.

I think it is an implementation and not a standards issue, and one of my
proposed ideas could certainly work in that situation.


More information about the Dev mailing list