File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / ikev2 / rw-eap-sim-radius / description.txt
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:47 2020 UTC (4 years, 5 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
At the outset the gateway authenticates itself to the clients by sending
an IKEv2 <b>digital signature</b> accompanied by an X.509 certificate.
<p/>
Next the clients use the GSM <i>Subscriber Identity Module</i> (<b>EAP-SIM</b>)
method of the <i>Extensible Authentication Protocol</i> to authenticate themselves.
In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b> are used
instead of a physical SIM card.
<p/>
The gateway forwards all EAP messages to the RADIUS server <b>alice</b>
which also uses static triplets.
<p/>
The roadwarrior <b>dave</b> sends wrong EAP-SIM triplets. As a consequence
the RADIUS server <b>alice</b> returns an <b>Access-Reject</b> message
and the gateway <b>moon</b> sends back <b>EAP_FAILURE</b>.

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>