charon.follow_redirects = yes
Whether to follow IKEv2 redirects (RFC 5685).
+charon.force_eap_only_authentication = no
+ Violate RFC 5998 and use EAP-only authentication even if the peer did not
+ send an EAP_ONLY_AUTHENTICATION notify during IKE_AUTH.
+
charon.fragment_size = 1280
Maximum size (complete IP datagram size in bytes) of a sent IKE fragment
when using proprietary IKEv1 or standardized IKEv2 fragmentation, defaults
if (!this->ike_sa->supports_extension(this->ike_sa,
EXT_EAP_ONLY_AUTHENTICATION))
{
- DBG1(DBG_IKE, "configured EAP-only authentication, but peer "
- "does not support it");
- goto peer_auth_failed;
+ if (lib->settings->get_bool(lib->settings,
+ "%s.force_eap_only_authentication", FALSE, lib->ns))
+ {
+ DBG1(DBG_IKE, "ignore missing %N notify and use EAP-only "
+ "authentication", notify_type_names,
+ EAP_ONLY_AUTHENTICATION);
+ }
+ else
+ {
+ DBG1(DBG_IKE, "configured EAP-only authentication, but "
+ "peer does not support it");
+ goto peer_auth_failed;
+ }
}
}
else
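Review bot: The new `force_eap_only_authentication` branch continues with EAP-only authentication when the peer sent no notify, and nothing visible in this hunk confirms that the configured EAP method is mutually authenticating and key-generating, which RFC 5998 requires for EAP-only use. The enclosing function starts and ends outside the hunk, so that check may exist elsewhere; if it does, a comment here should point to it. The key is read from the global `%s.` namespace, so enabling it relaxes the check for every connection rather than only the peer that needs the workaround, and a per-connection option would be a narrower fit. I would add above the `get_bool` call `/* RFC 5998 violation: peer sent no EAP_ONLY_AUTHENTICATION notify; safe only with a mutual, key-generating EAP method */`, and have the option description in the first hunk state the same restriction.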