ignore mismatch in received identity.
This is needed, because the standard mandates that the remote entity must be configured as ims (mimicking the APN setting I think), but on the other hand the ePDG will identify itself with its FQDN in the end. I tested this and this is currently the only way to do it with strongswan I think, because you cannot configure different identities.
This commit is contained in:
parent
18b4a240dd
commit
65f576bd9c
|
@ -1,4 +1,4 @@
|
||||||
# strongSwan Configuration #
|
## Patched version, containing patch to disable parsing of AUTH payload in IKEv2 Phase2, because we only want EAP-AKA ##
|
||||||
|
|
||||||
## Overview ##
|
## Overview ##
|
||||||
|
|
||||||
|
|
|
@ -944,6 +944,7 @@ METHOD(auth_cfg_t, complies, bool,
|
||||||
|
|
||||||
id1 = (identification_t*)value;
|
id1 = (identification_t*)value;
|
||||||
id2 = get(this, t1);
|
id2 = get(this, t1);
|
||||||
|
/*
|
||||||
if (!id2 || !id2->matches(id2, id1))
|
if (!id2 || !id2->matches(id2, id1))
|
||||||
{
|
{
|
||||||
if (t1 == AUTH_RULE_IDENTITY &&
|
if (t1 == AUTH_RULE_IDENTITY &&
|
||||||
|
@ -965,6 +966,10 @@ METHOD(auth_cfg_t, complies, bool,
|
||||||
"EAP ", id1);
|
"EAP ", id1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
*/
|
||||||
|
DBG1(DBG_CFG, "constraint check failed, but we are ignoring it for now: %sidentity '%Y'"
|
||||||
|
" required ", t1 == AUTH_RULE_IDENTITY ? "" :
|
||||||
|
"EAP ", id1);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case AUTH_RULE_AUTH_CLASS:
|
case AUTH_RULE_AUTH_CLASS:
|
||||||
|
|
Loading…
Reference in New Issue