14 lines
743 B
Plaintext
14 lines
743 B
Plaintext
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
|
|
At the outset the gateway authenticates itself to the client by sending
|
|
an IKEv2 <b>digital signature</b> accompanied by an X.509 certificate.
|
|
<p/>
|
|
Next <b>carol</b> uses the GSM <i>Subscriber Identity Module</i> (<b>EAP-SIM</b>)
|
|
method of the <i>Extensible Authentication Protocol</i> to authenticate herself.
|
|
In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b> are used
|
|
instead of a physical SIM card.
|
|
<p/>
|
|
The gateway forwards all EAP messages to the RADIUS server <b>alice</b>
|
|
which also uses static triplets. In addition to her IKEv2 identity
|
|
<b>carol@strongswan.org</b>, roadwarrior <b>carol</b> uses the EAP
|
|
identity <b>228060123456001</b>.
|