[strongSwan] EAP-AKA failure: AKA_SYNCHRONIZATION_FAILURE
Tobias Brunner
tobias at strongswan.org
Wed Apr 24 18:29:15 CEST 2019
Hi Tomek,
> Thanks for your answer. The phone indicates the invalid value of SQN,
> see the logs below:
Check the implementation of resync() in your implementation of
simaka_card_t (and whatever it actually calls/does) for details on this.
That it initially fails could be due to how the SQNs are generated.
> Do you think
> that the EPDG (strongswan) have been resynchronized?
Initially probably not if the SQNs are generated differently. But after
the client sent its SQN and the server used that (+1) the client should
be happy with it. If not, something might be wrong (e.g. incorrect
secrets).
> And because of
> time-based SQN generation it generates the invalid SQN?
You have to check the client implementation for what it considers
invalid. In particular after it sent the SQN and then still does not
like what it gets back.
Regard,
Tobias
More information about the Users
mailing list