On Wed, Jul 24, 2024 at 06:20:26PM -0400, J Doe wrote:
> My hypothesis is that iked does not name an identity because this is
> certificate based authentication vs. MSCHAPv2 for EAP authentication
> which would provide an identity (ie: a username).
> 
> Is that correct ?

No.

The identity that would be printed is the srcid of the peer.  By default this
would be its hostname, and should be present in the SAN field of any
certificate used for iked.

You can see that error message displayed both with and without a named ID when
using certificate authentication, depending on the cause of the error.

It will also display without an ID even if one is known, if the printing code
in iked fails some internal consistency checks (which is unlikely but
possible).
