<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am trying client-server eap-aka scenario. I am able to get the connection established for normal strongswan client and strongswan server.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Now when I am trying to the same strongswan server with load-tester client, then connection fails. In log file on load-tester client side I can see following prints :<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="background:yellow;mso-highlight:yellow">Received MAC does not match with XMAC.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="background:yellow;mso-highlight:yellow"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="background:yellow;mso-highlight:yellow">No MSK established.</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Strongswan.conf that I have used on load-tester client is following:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> plugins {<o:p></o:p></p>
<p class="MsoNormal"> load-tester {<o:p></o:p></p>
<p class="MsoNormal"> enable = yes<o:p></o:p></p>
<p class="MsoNormal"> initiators = 1<o:p></o:p></p>
<p class="MsoNormal"> iterations = 1<o:p></o:p></p>
<p class="MsoNormal"> delay = 1000<o:p></o:p></p>
<p class="MsoNormal"> responder = 10.3.10.251<o:p></o:p></p>
<p class="MsoNormal"> proposal = aes128-sha1-modp1024<o:p></o:p></p>
<p class="MsoNormal"> initiator_auth = eap-aka<o:p></o:p></p>
<p class="MsoNormal"> responder-auth = eap-aka<o:p></o:p></p>
<p class="MsoNormal"> initiator_id = <a href="mailto:0123456700000000@wlan.mnc212.mcc091.3gppnetwork.org">
0123456700000000@wlan.mnc212.mcc091.3gppnetwork.org</a><o:p></o:p></p>
<p class="MsoNormal"> responder_id = moon.strongswan.org<o:p></o:p></p>
<p class="MsoNormal"> request_virtual_ip = yes<o:p></o:p></p>
<p class="MsoNormal"> ike_reky = 0<o:p></o:p></p>
<p class="MsoNormal"> child_rekey = 0<o:p></o:p></p>
<p class="MsoNormal"> delete_after_establishment = no<o:p></o:p></p>
<p class="MsoNormal"> shutdown_when_complete = no<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"> }<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Please let me know if I am missing something.<o:p></o:p></p>
<p class="MsoNormal">Thanks in advance.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Regards<o:p></o:p></p>
<p class="MsoNormal">Inderpal Singh<o:p></o:p></p>
</div>
"DISCLAIMER: This message is proprietary to Aricent and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what
it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this
message. Aricent accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus."
</body>
</html>