diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-16 19:29:39 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-08-16 19:29:39 +0200 |
| commit | f9a2d4bfcbf697abbf4c90234b5e7bf0d88d1db1 (patch) | |
| tree | 2d1cd5bbed66987ef8a1036e9e43c42b8caa3658 | |
| parent | cf95e162f256b335579a1d9011d69d1cb641c2a3 (diff) | |
| download | strongswan-f9a2d4bfcbf697abbf4c90234b5e7bf0d88d1db1.tar.bz2 strongswan-f9a2d4bfcbf697abbf4c90234b5e7bf0d88d1db1.tar.xz | |
describe EAP-TTLS phase2 start options using the phase2_piggyback parameter
| -rw-r--r-- | testing/tests/ikev2/rw-eap-ttls-only/description.txt | 9 | ||||
| -rw-r--r-- | testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/description.txt | 10 |
2 files changed, 13 insertions, 6 deletions
diff --git a/testing/tests/ikev2/rw-eap-ttls-only/description.txt b/testing/tests/ikev2/rw-eap-ttls-only/description.txt index 702598e72..3d4c3ab87 100644 --- a/testing/tests/ikev2/rw-eap-ttls-only/description.txt +++ b/testing/tests/ikev2/rw-eap-ttls-only/description.txt @@ -2,5 +2,10 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gatewa The strong mutual authentication is based on <b>EAP-TTLS</b> only (without a separate IKEv2 authentication) with the gateway being authenticated by a server certificate during the EAP-TLS tunnel setup (phase1 of EAP-TTLS). This tunnel protects the ensuing weak client -authentication based on <b>EAP-MD5</b> (phase2 of EAP-TTLS). <b>carol</b> presents the -correct MD5 password and succeeds whereas <b>dave</b> chooses the wrong password and fails. +authentication based on <b>EAP-MD5</b> (phase2 of EAP-TTLS). +<p/> +With the default setting <b>charon.plugins.eap-ttls.phase2_piggyback = no</b> the server +<b>moon</b> passively waits for the clients to initiate phase2 of the EAP-TTLS protocol by +sending a tunneled orphan EAP Identity response upon the reception of the server's TLS +Finished message. Client <b>carol</b> presents the correct MD5 password and succeeds +whereas client <b>dave</b> chooses the wrong password and fails. diff --git a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/description.txt b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/description.txt index 9624fa709..d5f0b267a 100644 --- a/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/description.txt +++ b/testing/tests/ikev2/rw-eap-ttls-phase2-piggyback/description.txt @@ -2,7 +2,9 @@ The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gatewa The strong mutual authentication is based on <b>EAP-TTLS</b> only (without a separate IKEv2 authentication) with the gateway being authenticated by a server certificate during the EAP-TLS tunnel setup (phase1 of EAP-TTLS). This tunnel protects the ensuing weak client -authentication based on <b>EAP-MD5</b> (phase2 of EAP-TTLS). The server <b>moon</b> -piggybacks the tunneled EAP Identity request which starts phase2 of EAP-TTLS right onto -the TLS Finished message. <b>carol</b> presents the correct MD5 password and succeeds -whereas <b>dave</b> chooses the wrong password and fails. +authentication based on <b>EAP-MD5</b> (phase2 of EAP-TTLS). +<p/> +With the setting <b>charon.plugins.eap-ttls.phase2_piggyback = yes</b> the server <b>moon</b> +initiates phase2 of the EAP-TTLS protocol by piggybacking a tunneled EAP Identity request +right onto the TLS Finished message. Client <b>carol</b> presents the correct MD5 password +and succeeds whereas client <b>dave</b> chooses the wrong password and fails. |