[strongSwan-dev] get_*_id () APIs

Martin Willi martin at strongswan.org
Wed Jul 30 09:01:07 CEST 2014


> What's the difference between e.g. get_other_id () and get_other_eap_id
> () ? Will the *generic* one return the same identification_t struct on
> an IKE SA that uses EAP as get_other_eap_id() ?

get_other_id() returns the IKE identity of the last non-EAP/non-XAuth
authentication round done to authenticate the peer.

get_other_eap_id() returns the EAP or XAuth identity used during the
last round, if any. If no EAP/XAuth was involved, it returns the same
identity as get_other_id().

So the first is strictly bound to the IKE identity used, where the
second in most cases returns the "real" identity used for
authentication. When using EAP, in many implementations the IKE identity
is not filled with anything helpful.

Regards
Martin
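
The semantics described in the reply above, as an added example that is not part of the original post and is not strongSwan code: a self-contained C model showing why an access check should be keyed on the EAP/XAuth identity rather than the IKE identity. The types, the `model_*` and `peer_allowed` functions, and the sample peers are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model types, not strongSwan's identification_t or auth_cfg_t. */
typedef enum { AUTH_PUBKEY, AUTH_PSK, AUTH_EAP, AUTH_XAUTH } auth_class_t;
typedef struct {
    auth_class_t cls;
    const char *id; /* IKE identity for PUBKEY/PSK rounds, EAP/XAuth identity otherwise */
} auth_round_t;

static int is_inner(auth_class_t c) { return c == AUTH_EAP || c == AUTH_XAUTH; }

/* Models get_other_id(): IKE identity of the last non-EAP/non-XAuth round. */
const char *model_other_id(const auth_round_t *r, size_t n)
{
    while (n-- > 0)
        if (!is_inner(r[n].cls))
            return r[n].id;
    return NULL;
}

/* Models get_other_eap_id(): EAP/XAuth identity of the last such round,
 * or the same value as model_other_id() when no EAP/XAuth round exists. */
const char *model_other_eap_id(const auth_round_t *r, size_t n)
{
    for (size_t i = n; i-- > 0;)
        if (is_inner(r[i].cls))
            return r[i].id;
    return model_other_id(r, n);
}

/* Authorization keyed on the identity that names the user, not the IKE ID. */
int peer_allowed(const auth_round_t *r, size_t n, const char *const *acl, size_t m)
{
    const char *id = model_other_eap_id(r, n);
    for (size_t i = 0; id && i < m; i++)
        if (strcmp(id, acl[i]) == 0)
            return 1;
    return 0;
}

/* Constructed sample peers: PSK followed by XAuth, and certificate only. */
static const auth_round_t xauth_peer[] = {
    { AUTH_PSK, "192.0.2.10" }, { AUTH_XAUTH, "alice" } };
static const auth_round_t cert_peer[] = {
    { AUTH_PUBKEY, "C=CH, O=Example, CN=gw.example.org" } };
static const char *const acl[] = { "alice", "C=CH, O=Example, CN=gw.example.org" };

int main(void)
{
    printf("xauth: ike=%s eap=%s allowed=%d\n", model_other_id(xauth_peer, 2),
           model_other_eap_id(xauth_peer, 2), peer_allowed(xauth_peer, 2, acl, 2));
    printf("cert:  ike=%s eap=%s allowed=%d\n", model_other_id(cert_peer, 1),
           model_other_eap_id(cert_peer, 1), peer_allowed(cert_peer, 1, acl, 2));
    return 0;
}
```

For the XAuth peer, an ACL entry written against the IKE identity would have to name the address `192.0.2.10`, which says nothing about which user authenticated.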