15 lines
848 B
Plaintext
15 lines
848 B
Plaintext
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
|
|
The gateway <b>moon</b> does not send an AUTH payload thus signalling
|
|
a mutual <b>EAP-only</b> authentication.
|
|
<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
|
|
in association with a <i>GSM Subscriber Identity Module</i>
|
|
(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>.
|
|
In this scenario, triplets from the file <b>/etc/ipsec.d/triplets.dat</b>
|
|
are used instead of a physical SIM card on the client <b>carol</b>.
|
|
The gateway forwards all EAP messages to the RADIUS server <b>alice</b>
|
|
which also uses a static triplets file.
|
|
<p>
|
|
The roadwarrior <b>dave</b> sends wrong EAP-SIM triplets. As a consequence
|
|
the radius server <b>alice</b> returns an <b>Access-Reject</b> message
|
|
and the gateway <b>moon</b> sends back an <b>EAP_FAILURE</b>.
|