[strongSwan] EAP-AKA: EAP method not supported, sending EAP_NAK

Holger Birkmeyer (ng4T) holger.birkmeyer at ng4t.com
Thu May 21 17:18:52 CEST 2015 

Konsole output
Dear all,

running strongswan as a client carol against our ePDG moon, I just
cannot get the EAP-AKA authentication working.

The strongswan client rejects the EAP-REQ/AKA-Challenge coming from moon
with an EAP-NAK. This is, what Carol tells me:

...SNIPP...
parsed IKE_AUTH response 1 [ IDr EAP/REQ/AKA ]
server requested EAP_AKA authentication (id 0x00)
Konsole output
EAP method not supported, sending EAP_NAK
allow mutual EAP-only authentication
...SNIPP...

Is this wanted behavior? Or am I on the wrong track...
I would be more than happy about a hint, what I am doing wrong.

This is, what I have configured:

...SNIPP...
Konsole output
conn home
       left=192.168.122.153
       leftid=carol at strongswan.org
       leftauth=eap-aka
       right=192.168.179.174
       rightikeport=6000
       rightid=@moon.strongswan.org
       rightauth=pubkey
       auto=add
...SNIPP...

And indeed, the eap-aka modules seem to be loaded:
Konsole output
...SNIPP...
Konsole output
 loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random
nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem open
ssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve
socket-default stroke updown eap-identity eap-aka eap-aka-3gpp2
addrblock       
Listening IP addresses:
 192.168.122.153
Connections:
       home:  192.168.122.153...192.168.179.174  IKEv2
       home:   local:  [carol at strongswan.org] uses EAP_AKA authentication
       home:   remote: [moon.strongswan.org] uses public key authentication
...SNIPP...

Konsole output
Linux strongSwan U5.1.2/K3.16.0-38-generic

Best regards,
Holger

-- 
Holger Birkmeyer
Engineering
fon: +49-30-351246-95
fax: +49-30-652185-31

ng4T GmbH
Siemensdamm 50
13629 Berlin
Germany
www.ng4t.com

Berlin-Charlottenburg, HRB 123546
Geschäftsführer Dr. Andreas Kallmann 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150521/e1564f4c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150521/e1564f4c/attachment.pgp>

More information about the Users mailing list