[strongSwan] [Strongswan] Authentication based on X.509 using DN identification has failed and getting errors

SaRaVanAn saravanan.nagarajan87 at gmail.com
Fri Nov 2 11:56:54 CET 2012

Hi Tobias,
I understand that the IKE_AUTH response should contain an IDr payload.

Netgear (Initiator) ---- Strongswan (Responder)

>>>> 13[CFG] looking for peer configs matching[%any]...[]
> >>>>>>>>>>>>>>the problem is that the IDi is empty ([])

But I don't agree with the above point. Netgear is not
sending an empty IDi payload. It's sending a valid IDi payload with proper
identification data, and I have attached IKEv2 packet dumps (Strongswan - Netgear)
for your reference. I guess there is some problem in the Strongswan IKE_AUTH
request parsing code for DN identification.

Please correct me if I am wrong.

Thanks in advance.

> Regards,
> Saravanan N
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IKEV2_decoded_packet.pcap
Type: application/octet-stream
Size: 3429 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121102/216a11e3/attachment.obj>