[strongSwan] [Strongswan][Error] EAP-SIM based radius authentication fails.

Ccf Cloud ccfcloud at gmail.com
Tue Oct 8 09:01:47 CEST 2013 

Hi,

I'm trying to establish a tunnel between my Android device and a Linux box
(Gateway). I want to use EAP-SIM authentication for which I added
triplets.dat in /etc/ipsec.d. My radius server is Linux hostapd server. My
problem is the radius server returns EAP-FAILURE every time and the logs
shows "*EAP-SIM: Could not get proper permanent username*".

Here is the content of my triplets.dat file on Android device, gateway and
Radius server:

404450114346034,00000000000000000000000000000000,342A64BC,F4F2E638219E031F
404450114346034,01010101010101010101010101010101,98A3D698,5676979FCAE7E78C
404450114346034,02020202020202020202020202020202,7C43A460,0534374F7E1F60A7


Is there anything wrong in the triplets.dat file and/or am I missing any
thing? Please help.


Here is some of the relevant log from the radius server:

EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=1 respMethod=18 respVendor=0
respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-SIM: Attribute: Type=16 Len=4
EAP-SIM: Attribute data - hexdump(len=2): 00 01
EAP-SIM: AT_SELECTED_VERSION
EAP-SIM: AT_SELECTED_VERSION 1
EAP-SIM: Attribute: Type=7 Len=20
EAP-SIM: Attribute data - hexdump(len=18): 00 00 f3 51 19 f5 fc cf 83 d6 f5
7e b2 c5 05 a9 e2 f0
EAP-SIM: AT_NONCE_MT
EAP-SIM: Attribute: Type=14 Len=24
EAP-SIM: Attribute data - hexdump(len=22): 00 13 63 61 72 6f 6c 2e 77 69 6e
73 69 6e 74 65 6c 2e 6f 72 67 00
EAP-SIM: AT_IDENTITY
EAP-SIM: Attributes parsed successfully (aka=0 encr=0)
EAP-SIM: Receive start response
EAP-SIM: Could not get proper permanent user name
EAP-SIM: START -> FAILURE
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method failed -> FAILURE
EAP: EAP entering state FAILURE
EAP: Building EAP-Failure (id=1)



--Thanks
Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131008/46ac864d/attachment.html>

More information about the Users mailing list