[strongSwan] EAP-SIM Identity Request/Response

Nan Luo harvana2000 at yahoo.com
Tue May 24 21:38:01 CEST 2011


Hi, Martin, Hi, Andreas, Hi, all

I am testing EAP-SIM with strongSwan as the client against a Security Gateway. I wonder if strongSwan supports the EAP-SIM authentication mechanism defined in 3GPP TS43.318V7.5.0. The difference between this EAP-SIM scheme and the standard one defined in RFC4186 is that this scheme omits the EAP-Identity Request/Response exchange at the beginning of the authentication procedure. The EAP-Identity is included in the IDi sent from the client to the SeGW in the first IKE-AUTH message. So the first EAP payload the client receives is an EAP-Request/SIM/Start (instead of EAP-Request/Identity in the standard case).

Can you please tell me if the above EAP-SIM scheme is supported by strongSwan? If it is, is there any special configuration involved? If it's not supported, how complicated do you think the changes would be to support it? Can you kindly point me to the files that would be involved if I want to implement this support? Thanks very much.
  

RFC 4186 EAP-SIM:

strongSwan (client)                        SeGW (Authenticator)
|                                     EAP-Request/Identity |
|<---------------------------------------------------------|
|                                                          |
| EAP-Response/Identity                                    |
|--------------------------------------------------------->|
|                                                          |
|                  EAP-Request/SIM/Start (AT_VERSION_LIST) |
|<---------------------------------------------------------|
|                                                          |
| EAP-Response/SIM/Start (AT_NONCE_MT, AT_SELECTED_VERSION)|
|--------------------------------------------------------->|
|                                                          |
|           EAP-Request/SIM/Challenge (AT_RAND, AT_MAC)    |
|<---------------------------------------------------------|
|Peer runs GSM algorithms, verifies                        |
|AT_MAC and derives session keys                           |
|+-------------------------------------------------------+ |
| EAP-Response/SIM/Challenge (AT_MAC)                      |
|--------------------------------------------------------->|
|                                                          |
|                                             EAP-Success  |
|<---------------------------------------------------------|
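
Added example, not part of the original post and not strongSwan code: a bounds-checked C classifier for the first EAP payload a client receives, distinguishing the RFC 4186 flow (EAP-Request/Identity first) from the flow described above (EAP-Request/SIM/Start first). The function and enum names are hypothetical; the numeric constants are the ones assigned in RFC 3748 and RFC 4186, and the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Constants from RFC 3748 (EAP) and RFC 4186 (EAP-SIM). */
enum { EAP_REQUEST = 1, EAP_TYPE_IDENTITY = 1, EAP_TYPE_SIM = 18,
       SIM_START = 10, AT_VERSION_LIST = 15 };

/* Hypothetical result names, not strongSwan identifiers. */
typedef enum { FIRST_INVALID, FIRST_IDENTITY, FIRST_SIM_START } first_eap_t;

/* Walk the EAP-SIM attributes; return 1 if AT_VERSION_LIST is present
 * and every attribute length stays inside the packet. */
static int has_version_list(const uint8_t *p, size_t len)
{
    int found = 0;
    while (len >= 4) {
        size_t alen = (size_t)p[1] * 4;   /* length is in 4-byte words */
        if (alen == 0 || alen > len)
            return 0;
        if (p[0] == AT_VERSION_LIST)
            found = 1;
        p += alen;
        len -= alen;
    }
    return len == 0 && found;
}

/* Classify the first EAP payload the client receives in IKE_AUTH. */
first_eap_t classify_first_eap(const uint8_t *buf, size_t len)
{
    if (len < 5 || buf[0] != EAP_REQUEST)
        return FIRST_INVALID;
    size_t eap_len = ((size_t)buf[2] << 8) | buf[3];
    if (eap_len < 5 || eap_len > len)
        return FIRST_INVALID;
    if (buf[4] == EAP_TYPE_IDENTITY)
        return FIRST_IDENTITY;            /* RFC 4186 flow */
    if (buf[4] == EAP_TYPE_SIM && eap_len >= 8 && buf[5] == SIM_START &&
        has_version_list(buf + 8, eap_len - 8))
        return FIRST_SIM_START;           /* flow without identity round */
    return FIRST_INVALID;
}

/* Constructed sample packets (not captured traffic). */
const uint8_t SAMPLE_IDENTITY[] = { 0x01, 0x01, 0x00, 0x05, 0x01 };
const uint8_t SAMPLE_SIM_START[] = { 0x01, 0x01, 0x00, 0x10, 0x12, 0x0a,
    0x00, 0x00, 0x0f, 0x02, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00 };
```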
