[strongSwan-dev] authorize hook on IKE auth

Martin Willi martin at strongswan.org
Tue Jul 25 10:53:19 CEST 2017

Hi Emeric

> The authorize hook is called before the auth config is applied to the
> current IKE SA.

This is intended. apply_auth_cfg() copies the currently active
authentication round to the list of completed authentication rounds.

In your authorize hook, you can use ike_sa_t.get_auth_cfg() to get the
current authentication round data; after apply_auth_cfg() that object
is placed into the rounds completed. You can enumerate all completed
rounds using ike_sa_t.create_auth_cfg_enumerator().


More information about the Dev mailing list