[strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors
SaRaVanAn
saravanan.nagarajan87 at gmail.com
Fri Nov 2 11:56:54 CET 2012
Hi Tobias,
I understand that IKE_AUTH response should contain IDr payload.
Topology
_______
Netgear (Initiator) ---- Strongswan(Responder)
35.0.0.1 35.0.0.2
>>>> 13[CFG] looking for peer configs matching 35.0.0.2[%any]...35.0.0.1[]
> >>>>>>>>>>>>>>the problem is that the IDi is empty ([])
>
But I don't agree with the above point. Netgear is not
sending an empty IDi payload. It's sending a valid IDi payload with proper
identification data and I attached IKEv2 packet dumps (strongswan -Netgear)
for your reference. I guess there is some problem in Strongswan IKE_AUTH
request parsing code for dn identification.
Please correct me , If I am wrong.
Thanks in advance.
> Regards,
> Saravanan N
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121102/216a11e3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IKEV2_decoded_packet.pcap
Type: application/octet-stream
Size: 3429 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121102/216a11e3/attachment.obj>
More information about the Users
mailing list