ignore mismatch in received identity.

This is needed, because the standard mandates that the remote entity
must be configured as ims (mimicking the APN setting I think), but on
the other hand the ePDG will identify itself with its FQDN in the end. I
tested this and this is currently the only way to do it with strongswan
I think, because you cannot configure different identities.
laforge/swu
Tomcsányi, Domonkos 1 year ago committed by Harald Welte
parent 18b4a240dd
commit 65f576bd9c
  1. README.md (2 changed lines)
  2. src/libstrongswan/credentials/auth_cfg.c (5 changed lines)

@ -1,4 +1,4 @@
# strongSwan Configuration #
## Patched version, containing patch to disable parsing of AUTH payload in IKEv2 Phase2, because we only want EAP-AKA ##
## Overview ##
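
Review bot: The "Patched version" heading in this hunk documents only the AUTH payload parsing patch, but the same commit also disables the identity constraint check in src/libstrongswan/credentials/auth_cfg.c. Please mention that change in the README too, with the reason given in the commit message (the remote identity must be configured as ims while the ePDG identifies itself with its FQDN), so that anyone building from this tree knows the peer identity is no longer verified.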

@ -944,6 +944,7 @@ METHOD(auth_cfg_t, complies, bool,
id1 = (identification_t*)value;
id2 = get(this, t1);
/*
if (!id2 || !id2->matches(id2, id1))
{
if (t1 == AUTH_RULE_IDENTITY &&
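
Review bot: The `/*` opened before `if (!id2 || !id2->matches(id2, id1))` removes the identity comparison for every caller of `complies`, not only for the ePDG connection described in the commit message, and it covers the EAP identity rules handled by the same branch as well as `AUTH_RULE_IDENTITY`. I would keep the `matches` test in place and skip the failure only when an explicit option for this connection asks for it, or at least put the relaxed behaviour behind a build-time switch, so a default build still rejects a peer that presents an unexpected identity. Commented-out code is also harder to carry across rebases than a conditional.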
@ -965,6 +966,10 @@ METHOD(auth_cfg_t, complies, bool,
"EAP ", id1);
}
}
*/
DBG1(DBG_CFG, "constraint check failed, but we are ignoring it for now: %sidentity '%Y'"
" required ", t1 == AUTH_RULE_IDENTITY ? "" :
"EAP ", id1);
break;
}
case AUTH_RULE_AUTH_CLASS:
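
Review bot: The new `DBG1(DBG_CFG, "constraint check failed, but we are ignoring it for now: ...` call sits after the closing `*/`, outside any condition, so it is printed on every identity rule evaluation, including those where the received identity does match. That makes the log line useless for spotting a real mismatch. Please keep the `!id2 || !id2->matches(id2, id1)` test around the message so it is logged only when the identities actually differ, and consider including the received identity (`id2`, when it is not NULL) next to the required one (`id1`) so the ignored mismatch can be audited afterwards.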
