Hi Kris, 192.168.3.254 is just the outer IKEv2 client identity and is equivalent to the client IP address in the local LAN behind the NAT router. The inner EAP identity is not visible in the gateway log because it is handled by the RADIUS server.
Don't worry! Andreas On 04/06/2013 04:08 PM, Kris wrote: > > I got weird log in Strongswan like: > > Apr 3 06:31:36 13[ENC] parsed IKE_AUTH request 6 [ AUTH ] > Apr 3 06:31:36 13[IKE] authentication of '192.168.3.254' with EAP > successful > Apr 3 06:31:36 13[IKE] authentication of 'xx.com <http://xx.com>' > (myself) with EAP > Apr 3 06:31:36 13[IKE] IKE_SA win7[16115] established between > 19.45.16.1[xx.com <http://xx.com>]...12.46.25.8[192.168.3.254] > > Apr 3 06:31:36 13[IKE] authentication of '192.168.3.254' with EAP > successful > > How could this possible? '192.168.3.254' isn't my Radius' user at all, > how could it act like VPN username ? > > I'm runing 5.0.2dr4, is this a bug or my config mistake? > > conn win7 > keyexchange=ikev2 > left=%any > leftid=xx.com <http://xx.com> > leftsubnet=0.0.0.0/0 <http://0.0.0.0/0> > leftauth=pubkey > leftcert=gw.cer > right=%any > rightsendcert=never > rightauth=eap-radius > eap_identity=%identity > rightsourceip=%ippool > ikelifetime=48h > lifetime=48h > rekeymargin=9m > rekey=no > reauth=no > dpddelay=30 > dpdtimeout=150 > dpdaction=clear > > -- > Kris ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
