ipsec-sim and ipsec-aka – take 1 – freeradius

Posted: June 19, 2009 in technical

Downloaded and compiled with sim and openssl support, in case I get it into my head that I want tls too 😛

And … my first user:

vpn1  Auth-Type := EAP, EAP-Type := SIM
	EAP-Sim-RAND1 = 0x101112131415161718191a1b1c1d1e1f,
	EAP-Sim-SRES1 = 0xd1d2d3d4,
	EAP-Sim-RAND2 = 0x202122232425262728292a2b2c2d2e2f,
	EAP-Sim-SRES2 = 0xe1e2e3e4,
	EAP-Sim-RAND3 = 0x303132333435363738393a3b3c3d3e3f,
	EAP-Sim-SRES3 = 0xf1f2f3f4,
	EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
	EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
	EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7

Now let's see what I do about AKA… not supported by the freeradius people, but with various patches made by well-wishers everywhere 😛 😛

Ah, btw: on the NetScreen 5200:

set auth-server "VPN-Debian" id 1
set auth-server "VPN-Debian" server-name "10.205.17.70"
set auth-server "VPN-Debian" account-type eap-ikev2
set auth-server "VPN-Debian" radius port 1812
set auth-server "VPN-Debian" radius secret "bm5dVOi8N1UDuRsb8lCRiN78zqnocRdkJA=="
set auth-server "VPN-Debian" radius compatibility rfc-2138

and a tiny gateway:

set ike gateway ikev2 "24s2seap1" address 8.0.0.1 local-id "170.2.0.1" outgoing-interface "ethernet2/2" proposal "rsa-g2-3des-md5-360"
set ike gateway ikev2 "24s2seap1" cert my-cert-hash BC1D04E0E20D4D05F776E30C34830ED9844DC79C
set ike gateway ikev2 "24s2seap1" cert peer-ca-hash 7B236EFB192B6B5360CA7ECDE252191495E9A36B
set ike respond-bad-spi 1
Comments
  1. Anonymous says:

    hmmm, what times
    note that alex Dev had some variants, enough to get a freeRadius for aka.
    What times… you'll see that it works well (more or less) on the eapoipsec side, because I did its acceptance with the devs myself.
    By the way, they should fix the problem with tls… with incremental userName and certificates. I have some enh filed on that.
    And note that if you do md5/tls with Cisco's ACS you'll get some surprises.
    (there are some cute little bugs logged by me)
    Good luck
