[strongSwan-dev] AUTH4 check fails with Blackberry device but works fine with Android, anyone any ideas?

Martin Willi martin at strongswan.org
Mon Oct 22 14:10:33 CEST 2012

Hi Alan,

> 02[IKE] RADIUS authentication of '...' successful
> 02[IKE] EAP method EAP_SIM succeeded, MSK established

> 01[IKE] verification of AUTH payload with EAP MSK failed

> Bear in mind that the same SIM Card and Security Gateway works fine on
> Andorid.

It don't think it is related to strongSwan. As you're using a RADIUS
backend, EAP-SIM and MSK derivation happens outside of strongSwan.

As it works with Android, it might be that the Blackberry is calculating
the IKEv2 AUTH payload from the MSK differently.

You might try to increase the debug level on strongSwan to see what
values are used for AUTH payload calculation. If you can compare these
values with those one your UMA client, you might see a difference.


More information about the Dev mailing list