Hi,
I checked my IPsec log today and i got this:
That means that this unknown user got pass my Phase 1 auth and reached PH1 proposal check? I have rsa signature authentication on my server.
The rest of the log from unknown users trying to connect to my IKEv2 IPsec server shows invalid exchange type 243.
As per IKEv2 RFC7296:
The first pair of messages (IKE_SA_INIT) negotiate
cryptographic algorithms, exchange nonces, and do a Diffie-Hellman
exchange [DH].
So, no, he did not go past the authentication process, since the first thing that happens in IKEv2 are those 3 exchanges. Authentication comes after that.