[strongSwan-dev] authorize hook on IKE auth

Emeric POUPON emeric.poupon at stormshield.eu
Tue Jul 25 12:23:17 CEST 2017


Hi Martin

>> The authorize hook is called before the auth config is applied to the
>> current IKE SA.
> 
> This is intended. apply_auth_cfg() copies the currently active
> authentication round to the list of completed authentication rounds.
> 
> In your authorize hook, you can use ike_sa_t.get_auth_cfg() to get the
> current authentication round data; after apply_auth_cfg() that object
> is placed into the rounds completed. You can enumerate all completed
> rounds using ike_sa_t.create_auth_cfg_enumerator().
> 

Thanks for your answer.
It seems to work fine using IKEv2 with PSK and PKI configs.

However, it does not seem to work the same way with IKEv1 configs.
During the hook, there is no active authentication round data, but it is set in the list of completed rounds.

Is that normal behavior?

Regards,

