<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><div id="yiv651969355"><table cellspacing="0" cellpadding="0" border="0" id="yiv651969355bodyDrftID" class="yiv651969355"><tbody><tr><td id="yiv651969355drftMsgContent" style="font:inherit;font-family:arial;font-size:10pt;"><span class="yiv651969355Apple-style-span" style="font-family:arial, helvetica, clean, sans-serif;border-collapse:collapse;line-height:15px;">Hi, Martin, Hi, Andreas, Hi, all<br style="line-height:1.2em;outline-style:none;outline-color:initial;"><br style="line-height:1.2em;outline-style:none;outline-color:initial;">I am testing EAP-SIM with strongSwan as the client against a Security Gateway. I wonder if strongSwan supports the EAP-SIM authentication mechanism defined in 3GPP TS43.318V7.5.0. The difference between this EAP-SIM scheme and a standard one defined in RFC4186 is that this scheme omits the EAP-Identity Request/Response exchange
 at the beginning of the authentication procedure. The EAP-Identity is included in the IDi sent from the client to the SeGW in the first IKE-AUTH message. So the first EAP payload the client receives is an EAP-Request/SIM/Start (instead of EAP-Request/Identity in the standard case). <br><br>Can you please tell me if the above EAP-SIM scheme is supported by strongSwan? If it is, is there any special configuration involved? If it's not supported, how complicated do you think the changes would be to support it? Can you kindly point me to the files that would be involved if I want to implement this support? Thanks very much<br>  <br><br>RFC 4186 EAP-SIM:</span></td></tr></tbody></table><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; "><pre style="word-wrap: break-word; white-space: pre-wrap; ">strongSwan (client)                        SeGW (Authenticator)</pre></span><span
 class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; "><pre style="word-wrap: break-word; white-space: pre-wrap; ">|                                     EAP-Request/Identity |
|<---------------------------------------------------------|
|                                                          |
| EAP-Response/Identity                                    |
|--------------------------------------------------------->|
|                                                          |
|                  EAP-Request/SIM/Start (AT_VERSION_LIST) |
|<---------------------------------------------------------|
|                                                          |
| EAP-Response/SIM/Start (AT_NONCE_MT, AT_SELECTED_VERSION)|
|--------------------------------------------------------->|
|                                                          |
|           EAP-Request/SIM/Challenge (AT_RAND, AT_MAC)    |
|<---------------------------------------------------------|
|Peer runs GSM algorithms, verifies                        |
|AT_MAC and derives session keys                           |
|+-------------------------------------------------------+ |
| EAP-Response/SIM/Challenge (AT_MAC)                      |
|--------------------------------------------------------->|
|                                                          |
|                                             EAP-Success  |
|<---------------------------------------------------------|
<br></pre></span></div></td></tr></table>
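<p>An added example, not part of the original message and not strongSwan code: a small parser that looks at the first EAP payload a client receives and tells the two flows described above apart (EAP-Request/Identity first, or EAP-Request/SIM/Start first with the identity already sent in IDi). The function names, return labels and sample packets are assumptions made up for this illustration; the numeric codes are those of RFC 3748 and RFC 4186.</p>

```python
import struct
# Numeric values from RFC 3748 (EAP) and RFC 4186 (EAP-SIM).
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_IDENTITY, EAP_TYPE_SIM = 1, 18
SIM_START = 10
AT_NAMES = {1: "AT_RAND", 7: "AT_NONCE_MT", 11: "AT_MAC",
            15: "AT_VERSION_LIST", 16: "AT_SELECTED_VERSION"}
# Constructed sample packets (not captured traffic).
IDENTITY_REQ = bytes.fromhex("0101000501")
SIM_START_REQ = bytes.fromhex("01020010120a0000" "0f02000200010000")

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet; for EAP-SIM, also list its attributes."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("bad EAP length field")
    out = {"code": code, "id": ident, "type": None, "subtype": None, "attrs": []}
    if code not in (EAP_REQUEST, EAP_RESPONSE):
        return out                      # Success/Failure carry no Type field
    if length < 5:
        raise ValueError("missing EAP type")
    out["type"] = pkt[4]
    if out["type"] != EAP_TYPE_SIM:
        return out
    if length < 8:
        raise ValueError("truncated EAP-SIM header")
    out["subtype"] = pkt[5]             # pkt[6:8] is the reserved field
    off = 8
    while off < length:                 # attribute: type, length in 4-byte units, value
        if off + 2 > length:
            raise ValueError("truncated attribute header")
        at_type, at_len = pkt[off], pkt[off + 1] * 4
        if at_len == 0 or off + at_len > length:
            raise ValueError("bad attribute length")
        out["attrs"].append(AT_NAMES.get(at_type, f"AT_{at_type}"))
        off += at_len
    return out

def classify_first_request(pkt: bytes) -> str:
    """Name the flow from the first EAP payload the client receives."""
    p = parse_eap(pkt)
    if p["code"] == EAP_REQUEST and p["type"] == EAP_TYPE_IDENTITY:
        return "identity-round"         # flow in the RFC 4186 diagram
    if p["code"] == EAP_REQUEST and p["type"] == EAP_TYPE_SIM and p["subtype"] == SIM_START:
        return "start-first"            # identity was carried in IDi
    return "unexpected"
```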