cosmetics in ikev2/rw-eap-aka-id-rsa scenario
This commit is contained in:
parent
d3fbc75e85
commit
76206ecab9
|
@ -1,8 +1,9 @@
|
|||
at the outset the gateway authenticates itself to the client by sending an
|
||||
IKEv2 <b>RSA signature</b> accompanied by a certificate.
|
||||
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
|
||||
<b>carol</b> uses the <i>Extensible Authentication Protocol</i>
|
||||
in association with the <i>Authentication and Key Agreement</i> protocol
|
||||
(<b>EAP-AKA</b>) to authenticate against the gateway. This protocol is used
|
||||
in UMTS, but here a secret from <b>ipsec.secrets</b> is used instead of a USIM/(R)UIM.
|
||||
In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior <b>carol</b>
|
||||
uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionaly uses an <b>RSA signature</b>
|
||||
to authenticate itself against <b>carol</b>.
|
||||
uses the EAP identity <b>carol</b>.
|
||||
|
|
|
@ -2,7 +2,7 @@ carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA
|
|||
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
||||
moon::cat /var/log/daemon.log::using EAP identity.*carol::YES
|
||||
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
||||
moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES
|
||||
moon::ipsec statusall::rw-eap.*ESTABLISHED::YES
|
||||
carol::ipsec statusall::home.*ESTABLISHED::YES
|
||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
|
|
|
@ -11,7 +11,7 @@ conn %default
|
|||
keyingtries=1
|
||||
keyexchange=ikev2
|
||||
|
||||
conn rw-eapaka
|
||||
conn rw-eap
|
||||
authby=rsasig
|
||||
eap=aka
|
||||
eap_identity=%identity
|
||||
|
|
Loading…
Reference in New Issue