blob: 0531a559f2d65ea61e0c66b2595eb91406a3f9a1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
At the outset the gateway authenticates itself to the client by sending
an IKEv2 <b>RSA signature</b> accompanied by a certificate.
<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
in association with a <i>GSM Subscriber Identity Module</i>
(<b>EAP-SIM</b>) to authenticate against the gateway <b>moon</b>.
In this scenario triplets from the file <b>/etc/ipsec.d/triplets.dat</b>
are used instead of a physical SIM card on the client <b>carol</b> and
the gateway forwards all EAP messages to the RADIUS server <b>alice</b>
which also uses static triplets. In addition to her IKEv2 identity
<b>carol@strongswan.org</b>, roadwarrior <b>carol</b> uses the EAP
identity <b>228060123456001</b>.
|
