[strongSwan] IKEv2 Auth Data Calculation

Martin Willi martin at strongswan.org
Wed Nov 21 13:39:22 CET 2012


Hi Avishek,

> But when I try to send wrong ID payload data, calculate the Auth
> Data with that wrong ID payload data, and send it to the responder (in
> my case strongSwan), it should process that packet. But for some reason
> it is sending the Auth Failure message.

So you are just using a different IDi to initiate against strongSwan,
but calculate the AUTH payload correctly? Does the strongSwan responder
have a configuration for this different IDi? Do you have a PSK defined
for it? What is the error message seen in the strongSwan responder log
before sending AUTHENTICATION_FAILED?

> Whereas if the formula mentioned above is followed, then Auth Failure
> should only occur in case there is a mismatch between the ID payload
> data and the ID data that is used for calculating the Auth Data.

AUTHENTICATION_FAILED notifications are sent for different reasons,
including if no connection definition is found for the received
identity, or no PSK has been found.

Regards
Martin
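
An added example, not part of the original message and not strongSwan code: a Python sketch of the PSK AUTH calculation from RFC 7296, section 2.15, with a hypothetical responder that looks up the received identity before verifying AUTH. It shows why a correctly computed AUTH over an unknown IDi still ends in AUTHENTICATION_FAILED. HMAC-SHA256 as the negotiated PRF, the function names, and all keys, nonces and identities are assumptions constructed for illustration.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"   # fixed string from RFC 7296, section 2.15
ID_FQDN = 2                      # ID type value from RFC 7296, section 3.5

def prf(key, data):
    # Assumption: PRF_HMAC_SHA2_256 was negotiated for this IKE_SA.
    return hmac.new(key, data, hashlib.sha256).digest()

def id_body(id_type, id_data):
    # RestOfInitIDPayload: ID type, three reserved zero bytes, then the ID data.
    return bytes([id_type, 0, 0, 0]) + id_data

def psk_auth(psk, sk_pi, msg1, nonce_r, idi):
    # InitiatorSignedOctets = RealMessage1 | NonceRData | prf(SK_pi, RestOfInitIDPayload)
    signed_octets = msg1 + nonce_r + prf(sk_pi, idi)
    return prf(prf(psk, KEY_PAD), signed_octets)

def responder_check(connections, psks, idi, auth, sk_pi, msg1, nonce_r):
    # Hypothetical responder: the identity is looked up before AUTH is verified.
    if idi not in connections:
        return "AUTHENTICATION_FAILED: no connection definition for identity"
    psk = psks.get(idi)
    if psk is None:
        return "AUTHENTICATION_FAILED: no PSK for identity"
    if not hmac.compare_digest(psk_auth(psk, sk_pi, msg1, nonce_r, idi), auth):
        return "AUTHENTICATION_FAILED: AUTH mismatch"
    return "authenticated"

# Constructed sample values (not from a real exchange).
SK_PI, MSG1, NONCE_R = b"\x11" * 32, b"constructed IKE_SA_INIT request", b"\x22" * 32
KNOWN = id_body(ID_FQDN, b"known.example.org")
NO_PSK = id_body(ID_FQDN, b"nopsk.example.org")
OTHER = id_body(ID_FQDN, b"other.example.org")
CONNECTIONS = {KNOWN, NO_PSK}
PSKS = {KNOWN: b"constructed-secret"}

def demo():
    def check(sent_id, signed_id):
        auth = psk_auth(b"constructed-secret", SK_PI, MSG1, NONCE_R, signed_id)
        return responder_check(CONNECTIONS, PSKS, sent_id, auth, SK_PI, MSG1, NONCE_R)
    return {
        "known ID, matching AUTH": check(KNOWN, KNOWN),
        "unknown ID, AUTH computed over it": check(OTHER, OTHER),
        "configured ID without PSK": check(NO_PSK, NO_PSK),
        "sent ID differs from signed ID": check(KNOWN, OTHER),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

All three failure cases map to the same notification on the wire, so the responder log is the only place the actual reason is visible.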