[strongSwan] EAP-AKA failure: AKA_SYNCHRONIZATION_FAILURE
Tobias Brunner
tobias at strongswan.org
Wed Apr 24 10:21:57 CEST 2019
Hi Tomek,
> However, the
> phone didn't accept the new AUTN and sent synchronization failure again.
Does it report the reason why it does so?
> Do you have any idea why the phone is sending the
> AKA_SYNCHRONIZATION_FAILURE?
No. You should really check the logs there to see why it does.
> In meanwhile, I was changing some
> configuration parameters to deal with another issue. Can this issue be
> caused by some configuration parameter?
Maybe. Without knowing what you changed it's hard to tell.
Which plugin are you using on the server? Because I noticed that the
eap-aka-3gpp2 plugin (as compared to the eap-aka-3gpp plugin) does not
increase SQN with each get_quintuplet() call, which seems like a bug.
However, that should not have an effect right after the resync as that
explicitly sets SQN to the supplied value + 1. And I also saw that both
plugins use a global, non-persistent and initially time-based SQN, which
might not work well with multiple clients (in particularly if they
connect concurrently and/or resync). So I guess these two plugins are
really only intended for testing.
Regards,
Tobias
More information about the Users
mailing list