diff options
Diffstat (limited to 'testing/tests/ikev2/rw-eap-sim-only-radius/description.txt')
-rw-r--r-- | testing/tests/ikev2/rw-eap-sim-only-radius/description.txt | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/testing/tests/ikev2/rw-eap-sim-only-radius/description.txt b/testing/tests/ikev2/rw-eap-sim-only-radius/description.txt index d50175664..26de3c982 100644 --- a/testing/tests/ikev2/rw-eap-sim-only-radius/description.txt +++ b/testing/tests/ikev2/rw-eap-sim-only-radius/description.txt @@ -1,14 +1,15 @@ -The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>. -The gateway <b>moon</b> does not send an AUTH payload thus signalling +The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>. +At the outset the gateway does not send an AUTH payload thus signalling a mutual <b>EAP-only</b> authentication. -<b>carol</b> then uses the <i>Extensible Authentication Protocol</i> -in association with a <i>GSM Subscriber Identity Module</i> -(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>. -In this scenario, triplets from the file <b>/etc/ipsec.d/triplets.dat</b> -are used instead of a physical SIM card on the client <b>carol</b>. +<p/> +Next the clients use the GSM <i>Subscriber Identity Module</i> (<b>EAP-SIM</b>) +method of the <i>Extensible Authentication Protocol</i> to authenticate themselves. +In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b> are used +instead of a physical SIM card. +<p/> The gateway forwards all EAP messages to the RADIUS server <b>alice</b> -which also uses a static triplets file. -<p> +which also uses static triplets. +<p/> The roadwarrior <b>dave</b> sends wrong EAP-SIM triplets. As a consequence -the radius server <b>alice</b> returns an <b>Access-Reject</b> message -and the gateway <b>moon</b> sends back an <b>EAP_FAILURE</b>. +the RADIUS server <b>alice</b> returns an <b>Access-Reject</b> message +and the gateway <b>moon</b> sends back <b>EAP_FAILURE</b>. |