[strongSwan] EAP-AKA authentication without certificate request.
iamnotjessie at yahoo.com.tw
Thu Oct 14 12:26:03 CEST 2010
I'm trying to do eap-aka authentication without responder's certificate.
I am acting a client and initiates eap-aka authentication to a server.
I found the CERTREQ in IKE_AUTH request 1 message.
Is there any setting in ipsec.conf or any other configuration files to include or not include
CERTREQ in IKE_AUTH request 1 message?
If CERTREQ is included, and responder does not carry CERT in IKE_AUTH response, some error happened.
I have to set expect_another_auth to FALSE instead of TRUE when initialize in ike_auth_create() because
the error is "responder is not allowed to do EAP" in process_i() in ike_auth.c.
After this, another error "selected peer config 'conn' inacceptable" occurred.
So I remove update_cfg_candidates() in process_i() in ike_auth.c to avoid the problem.
After this, the procedure " generating CREATE_CHILD_SA request 4 [ SA No TSi TSr ]" happened.
Could anyone explain the relationships among all the modifications I made?
Thanks in advance!
Here is the ipsec.conf:
charondebug="knl 3, ike 3, lib 3"
leftid="adb at ttt.com"
More information about the Users