The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
At the outset the gateway authenticates itself to the clients by sending
an IKEv2 <b>RSA signature</b> accompanied by a certificate.
The roadwarriors then use the <i>Extensible Authentication Protocol</i>
in association with an <i>MD5</i> challenge and response protocol
(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b> and includes
a <b>Postquantum Preshared Key (PPK)</b> that's also mixed into the
derived key material. The PPK_ID used by <b>dave</b> is unknown to <b>moon</b>
but since both peers don't enforce the use of a PPK they fall back to regular
authentication by use of the authentication data provided in the NO_PPK_AUTH
notify.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to description.txt CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / testing / tests / swanctl / rw-eap-md5-id-rsa-ppk