[strongSwan] Authentication Payload after succesfull EAP-MD5 authentication

R R ukir85 at hotmail.com
Thu Oct 21 12:48:55 CEST 2010


I'm having problems to get IKE authentication passed after succesfull EAP-MD5 authentication.

I get the error:

11[ENC] "Authentication verification failed"

How is the IKEv2 AUTH payload calculated after EAP-MD5 authentication?

I'm having intuition that it should go exactly as for PSK authentication payload, except that the paddingstring is "Key Pad for EAP-IKEv2" and key for auth payload calculation is SK_pi? Or should it be master session key by EAP?

Is the message content taken for the auth payload calculations from the first initialization messages and as well as nonces and identifiers.

Without EAP I get success for PSK and RSA authentications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101021/ef189c89/attachment.html>

More information about the Users mailing list