Return to description.txt CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / swanctl / mult-auth-rsa-eap-sim-id |
1.1 misho 1: The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b> 2: using multiple authentication exchanges (RFC 4739). In a first round 3: both <b>carol</b> and <b>moon</b> authenticate themselves by sending 4: an IKEv2 <b>RSA signature</b> accompanied by a certificate. 5: <p> 6: In a second round <b>carol</b> then uses the <i>Extensible Authentication Protocol</i> 7: in association with a <i>GSM Subscriber Identity Module</i> (<b>EAP-SIM</b>) to 8: authenticate herself against the remote RADIUS server <b>alice</b>. 9: In this scenario, triplets from the file <b>/etc/ipsec.d/triplets.dat</b> 10: are used instead of a physical SIM card on the client <b>carol</b>. 11: The gateway forwards all EAP messages to the RADIUS server <b>alice</b> 12: which also uses a static triplets file. 13: <p> 14: The roadwarrior <b>dave</b> also uses multiple authentication and succeeds 15: in the first round but sends wrong EAP-SIM triplets in the second round. 16: As a consequence the radius server <b>alice</b> returns an <b>Access-Reject</b> 17: message and the gateway <b>moon</b> sends back an <b>EAP_FAILURE</b>.