[strongSwan] IKEv2 Auth Data Calculation
martin at strongswan.org
Wed Nov 21 13:39:22 CET 2012
> But, when I try to send wrong ID payload Data and calculate the Auth
> Data with that wrong ID payload Data And Send to Responder(In my case
> strongswan) It should process that packet. But for Some reason It is
> sending the Auth Failure message.
So you are just using a different IDi to initiate against strongSwan,
but calculate the AUTH payload correctly? Does the strongSwan responder
have a configuration for this different IDi? Do you have a PSK defined
for it? What is the error message seen in the strongSwan responder log
before sending AUTHENTICATION_FAILED?
> Whereas if the formula mentioned above is followed Then Auth Failure
> should only occur in case there is a mismatch between ID payload Data
> and the Id data that is used for calculating the Auth Data.
AUTHENTICATION_FAILED notifications are sent for different reasons,
including if no connection definition is found for the received
identity, or no PSK has been found.
More information about the Users