do not send certificate requests in EAP-ONLY scenarios
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 Oct 2010 19:10:03 +0000 (21:10 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 Oct 2010 19:10:03 +0000 (21:10 +0200)
testing/tests/ikev2/rw-eap-tnc-block/evaltest.dat
testing/tests/ikev2/rw-eap-tnc-block/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc-block/hosts/dave/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc/evaltest.dat
testing/tests/ikev2/rw-eap-tnc/hosts/carol/etc/ipsec.conf
testing/tests/ikev2/rw-eap-tnc/hosts/dave/etc/ipsec.conf

index 0143225..2304df2 100644 (file)
@@ -6,7 +6,7 @@ dave::cat /var/log/daemon.log::TNCCS-Recommendation.*none::YES
 dave::cat /var/log/daemon.log::received EAP_FAILURE, EAP authentication failed::YES
 dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.0/16::NO
 moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES                
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES 
 moon::cat /var/log/daemon.log::EAP method EAP_TTLS failed for peer dave@strongswan.org::YES
 carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
 dave::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_VENUS: icmp_seq=1::NO
index 834c903..c19192d 100755 (executable)
@@ -18,5 +18,6 @@ conn home
        leftfirewall=yes
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
+       rightsendcert=never
        rightsubnet=10.1.0.0/16
        auto=add
index 836965a..7d5ea8b 100755 (executable)
@@ -18,5 +18,6 @@ conn home
        leftfirewall=yes
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
+       rightsendcert=never
        rightsubnet=10.1.0.0/16
        auto=add
index cebfff2..a027551 100644 (file)
@@ -7,7 +7,7 @@ dave::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established ::
 dave::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
 dave::cat /var/log/daemon.log::CHILD_SA home{1} established.*TS 192.168.0.200/32 === 10.1.0.16/28::YES
 moon::cat /var/log/daemon.log::added group membership 'allow'::YES
-moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES              
+moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
 moon::cat /var/log/daemon.log::added group membership 'isolate'::YES
 moon::cat /var/log/daemon.log::authentication of 'dave@strongswan.org' with EAP successful::YES
 moon::ipsec statusall::rw-allow.*10.1.0.0/28 === 192.168.0.100/32::YES
index 834c903..c19192d 100755 (executable)
@@ -18,5 +18,6 @@ conn home
        leftfirewall=yes
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
+       rightsendcert=never
        rightsubnet=10.1.0.0/16
        auto=add
index 836965a..7d5ea8b 100755 (executable)
@@ -18,5 +18,6 @@ conn home
        leftfirewall=yes
        right=PH_IP_MOON
        rightid=@moon.strongswan.org
+       rightsendcert=never
        rightsubnet=10.1.0.0/16
        auto=add