strongSwan KVM Tests / ikev2 / rw-eap-sim-only-radius

Test ikev2/rw-eap-sim-only-radius

Description

The roadwarriors carol and dave set up a connection to gateway moon. At the outset, the gateway does not send an AUTH payload, thus signaling mutual EAP-only authentication.

Next, the clients use the GSM Subscriber Identity Module (EAP-SIM) method of the Extensible Authentication Protocol to authenticate themselves. In this scenario, triplets from the file /etc/ipsec.d/triplets.dat are used instead of a physical SIM card.

The gateway forwards all EAP messages to the RADIUS server alice, which also uses static triplets.

The roadwarrior dave sends wrong EAP-SIM triplets. As a consequence, the RADIUS server alice returns an Access-Reject message and the gateway moon sends back EAP_FAILURE.
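Why mismatched triplets end in a reject, as an added example (not strongSwan or test-suite code): both sides derive K_aut from their Kc values following RFC 4186, and the MAC on the challenge response only verifies when those values agree. The identity,RAND,SRES,Kc line layout, all triplet values, the all-zero NONCE_MT and the placeholder packet bytes are assumptions constructed for illustration; a real AT_MAC covers the encoded EAP packet.

```python
import hashlib, hmac, struct

# Constructed triplets; the identity,RAND,SRES,Kc line layout is an assumption.
SERVER = """carol@strongswan.org,30000000000000000000000000000000,30112233,305566778899AABB
carol@strongswan.org,31000000000000000000000000000000,31112233,315566778899AABB
dave@strongswan.org,33000000000000000000000000000000,33112233,335566778899AABB
dave@strongswan.org,34000000000000000000000000000000,34112233,345566778899AABB"""
DAVE = SERVER.replace("33112233,335566778899AABB", "33112244,335566778899AABC")  # wrong SRES/Kc

def triplets(text, identity):
    rows = [line.split(",") for line in text.splitlines()]
    return [tuple(bytes.fromhex(x) for x in r[1:4]) for r in rows if r[0] == identity]

def rol(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_block(block):
    """SHA-1 compression of one 64-byte block from the standard IV (the PRF's G)."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(rol(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    iv = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
    a, b, c, d, e = iv
    for i in range(80):
        f, k = [((b & c) | (~b & d), 0x5A827999), (b ^ c ^ d, 0x6ED9EBA1),
                ((b & c) | (b & d) | (c & d), 0x8F1BBCDC), (b ^ c ^ d, 0xCA62C1D6)][i // 20]
        a, b, c, d, e = (rol(a, 5) + f + e + k + w[i]) & 0xFFFFFFFF, a, rol(b, 30), c, d
    return struct.pack(">5I", *((x + y) & 0xFFFFFFFF for x, y in zip(iv, (a, b, c, d, e))))

def k_aut(identity, trips, nonce_mt, versions=b"\x00\x01", selected=b"\x00\x01"):
    """RFC 4186 key derivation: MK = SHA1(Identity|n*Kc|NONCE_MT|versions|selected)."""
    kcs = b"".join(kc for _, _, kc in trips)
    mk = hashlib.sha1(identity.encode() + kcs + nonce_mt + versions + selected).digest()
    xkey, out = int.from_bytes(mk, "big"), b""
    while len(out) < 32:  # FIPS 186-2 PRF keyed with MK; bytes 0-15 K_encr, 16-31 K_aut
        w = sha1_block(xkey.to_bytes(20, "big") + bytes(44))
        out += w
        xkey = (1 + xkey + int.from_bytes(w, "big")) % (1 << 160)
    return out[16:32]

def response_mac(identity, trips, nonce_mt, packet):
    """AT_MAC on the peer's challenge response: HMAC-SHA1-128 over packet | n*SRES."""
    sres = b"".join(s for _, s, _ in trips)
    return hmac.new(k_aut(identity, trips, nonce_mt), packet + sres, hashlib.sha1).digest()[:16]

def accepted(identity, peer_file, nonce_mt=bytes(16), packet=b"constructed-challenge-response"):
    server = response_mac(identity, triplets(SERVER, identity), nonce_mt, packet)
    peer = response_mac(identity, triplets(peer_file, identity), nonce_mt, packet)
    return hmac.compare_digest(server, peer)
```

`accepted("carol@strongswan.org", SERVER)` models the matching case and `accepted("dave@strongswan.org", DAVE)` the mismatch that the RADIUS server answers with Access-Reject.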
