[strongSwan] Weird NAT IP as username.

Andreas Steffen andreas.steffen at strongswan.org
Sat Apr 6 16:43:26 CEST 2013 

Hi Kris,

192.168.3.254 is just the outer IKEv2 client identity and is
equivalent to the client IP address in the local LAN behind
the NAT router. The inner EAP identity is not visible in the gateway
log because it is handled by the RADIUS server.

Don't worry!

Andreas

On 04/06/2013 04:08 PM, Kris wrote:
> 
> I got weird log in Strongswan like:
> 
> Apr  3 06:31:36 13[ENC] parsed IKE_AUTH request 6 [ AUTH ]
> Apr  3 06:31:36 13[IKE] authentication of '192.168.3.254' with EAP
> successful
> Apr  3 06:31:36 13[IKE] authentication of 'xx.com <http://xx.com>'
> (myself) with EAP
> Apr  3 06:31:36 13[IKE] IKE_SA win7[16115] established between
> 19.45.16.1[xx.com <http://xx.com>]...12.46.25.8[192.168.3.254]
> 
> Apr  3 06:31:36 13[IKE] authentication of '192.168.3.254' with EAP
> successful
> 
> How could this possible? '192.168.3.254' isn't my Radius' user at all,
> how could it act like VPN username ?
> 
> I'm runing 5.0.2dr4, is this a bug or my config mistake? 
> 
> conn win7
>         keyexchange=ikev2
>         left=%any
>         leftid=xx.com <http://xx.com>
>         leftsubnet=0.0.0.0/0 <http://0.0.0.0/0>
>         leftauth=pubkey
>         leftcert=gw.cer
>         right=%any
>         rightsendcert=never
>         rightauth=eap-radius
>         eap_identity=%identity
>         rightsourceip=%ippool
>         ikelifetime=48h
>         lifetime=48h
>         rekeymargin=9m
>         rekey=no
>         reauth=no
>         dpddelay=30
>         dpdtimeout=150
>         dpdaction=clear  
> 
> --
> Kris

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4468 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130406/b880a417/attachment.bin>

More information about the Users mailing list