updated rw-eap-aka-rsa scenario
This commit is contained in:
parent
005861b47b
commit
a37e8f32d8
|
@ -1,7 +1,6 @@
|
|||
moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES
|
||||
carol::ipsec statusall::home\[2\].*ESTABLISHED::YES
|
||||
carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 30s, scheduling reauthentication in 25s::YES
|
||||
carol::cat /var/log/daemon.log::maximum IKE_SA lifetime 30s::YES
|
||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||
|
|
|
@ -2,7 +2,6 @@ moon::ipsec statusall::rw\[2\].*ESTABLISHED::YES
|
|||
carol::ipsec statusall::home\[2\].*ESTABLISHED::YES
|
||||
carol::cat /var/log/daemon.log::received AUTH_LIFETIME of 3600s, scheduling reauthentication in 3595s::YES
|
||||
carol::cat /var/log/daemon.log::scheduling reauthentication in 2[0-5]s::YES
|
||||
carol::cat /var/log/daemon.log::maximum IKE_SA lifetime [23][0-9]s::YES
|
||||
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_seq=1::YES
|
||||
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
|
||||
moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
|
||||
|
|
|
@ -2,6 +2,6 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
|
|||
<b>carol</b> uses the <i>Extensible Authentication Protocol</i>
|
||||
in association with the <i>Authentication and Key Agreement</i> protocol
|
||||
(<b>EAP-AKA</b>) to authenticate against the gateway. This protocol is used
|
||||
in UMTS, but here a secret from ipsec.secrets is used instead of a USIM/(R)UIM.
|
||||
Gateway <b>moon</b> additionaly uses an RSA signature to authenticate itself
|
||||
in UMTS, but here a secret from <b>ipsec.secrets</b> is used instead of a USIM/(R)UIM.
|
||||
Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate itself
|
||||
against <b>carol</b>.
|
|
@ -1,5 +1,5 @@
|
|||
carol::cat /var/log/daemon.log::authentication of '@moon.strongswan.org' with RSA signature successful::YES
|
||||
carol::cat /var/log/daemon.log::authentication of '@moon.strongswan.org' with EAP successful::YES
|
||||
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA signature successful::YES
|
||||
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
|
||||
moon::cat /var/log/daemon.log::authentication of 'carol@strongswan.org' with EAP successful::YES
|
||||
moon::ipsec statusall::rw-eapaka.*ESTABLISHED::YES
|
||||
carol::ipsec statusall::home.*ESTABLISHED::YES
|
|
@ -1,3 +1,3 @@
|
|||
# /etc/ipsec.secrets - strongSwan IPsec secrets file
|
||||
|
||||
carol@strongswan.org : PSK "Ar3etTnp01qlpOgb"
|
||||
carol@strongswan.org : EAP "Ar3etTnp01qlpOgb"
|
|
@ -2,4 +2,4 @@
|
|||
|
||||
: RSA moonKey.pem
|
||||
|
||||
carol@strongswan.org : PSK "Ar3etTnp01qlpOgb"
|
||||
carol@strongswan.org : EAP "Ar3etTnp01qlpOgb"
|
|
@ -0,0 +1,4 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
||||
moon::/etc/init.d/iptables stop 2> /dev/null
|
||||
carol::/etc/init.d/iptables stop 2> /dev/null
|
|
@ -0,0 +1,7 @@
|
|||
moon::/etc/init.d/iptables start 2> /dev/null
|
||||
carol::/etc/init.d/iptables start 2> /dev/null
|
||||
moon::ipsec start
|
||||
carol::ipsec start
|
||||
carol::sleep 1
|
||||
carol::ipsec up home
|
||||
carol::sleep 1
|
|
@ -1,2 +0,0 @@
|
|||
moon::ipsec stop
|
||||
carol::ipsec stop
|
|
@ -1,5 +0,0 @@
|
|||
moon::echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
moon::ipsec start
|
||||
carol::ipsec start
|
||||
carol::sleep 1
|
||||
carol::ipsec up home
|
Loading…
Reference in New Issue