[strongSwan] Windows 7 Bug ?

Claude Tompers claude.tompers at restena.lu
Mon Jul 12 14:24:07 CEST 2010 

Hello,

When using the Windows IKEv2 Client with the strongswan VPN Server, I can observe the following logs :

Jul 12 13:52:54 vpn6-pub charon: 17[CFG] looking for peer configs matching 192.168.1.13[%any]...192.168.152.118[10.0.0.101]

With the same configuration, using a strongswan client, I get the following logs :

Jul 12 13:55:06 vpn6-pub charon: 31[CFG] looking for peer configs matching 192.168.1.13[vpn6-pub.restena.lu]...192.168.152.118[ctompers]

Both clients are connected behind the same NAT'ed ADSL connection. They authenticate themselves using EAP-MSCHAPv2.
I'm able to see their public IP address 192.168.152.118, so far so good. But where strongswan fills in the EAP username 'ctompers' as ID, which is perfectly logical to me, Windows 7 puts its local IP '10.0.0.101'.

Is this a known bug for Windows 7 or is it supposed to do that ? Is there maybe a config tweak to see the EAP username for Windows 7 clients as well ?


Here is my ipsec.conf

conn %default
        ike=aes256-sha1-modp2048-modp1536-modp1024!
        esp=aes256-sha1!
        dpdaction=clear
        dpddelay=60s
        dpdtimeout=300s
        rekeymargin=3m
        keyingtries=1
        keylife=20m
        inactivity=300s
        leftsubnet=0.0.0.0/0
        leftcert=vpn6-pub.restena.lu-cert.pem
        leftid=@vpn6-pub.restena.lu
        right=%any
        auto=add

conn ikev2
        keyexchange=ikev2
        rekey=no
        left=%any
        leftauth=pubkey
        eap_identity=%identity
        rightauth=eap-radius
        rightsourceip=192.168.120.192/26



thanks a lot for your answers

kind regards
Claude


-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100712/5b6d16b0/attachment.pgp>

More information about the Users mailing list