Archive for June 19th, 2009

ipsec-sim and ipsec-aka – take 1 – freeradius

   Posted by: cristina_crow    in technical

Downloaded and compiled with SIM and OpenSSL support, since I might get it into my head that I want TLS too :P

And … my first user:

vpn1  Auth-Type := EAP, EAP-Type := SIM
    EAP-Sim-RAND1 = 0x101112131415161718191a1b1c1d1e1f,
    EAP-Sim-SRES1 = 0xd1d2d3d4,
    EAP-Sim-RAND2 = 0x202122232425262728292a2b2c2d2e2f,
    EAP-Sim-SRES2 = 0xe1e2e3e4,
    EAP-Sim-RAND3 = 0x303132333435363738393a3b3c3d3e3f,
    EAP-Sim-SRES3 = 0xf1f2f3f4,
    EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
    EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
    EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7
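
A static triplet entry like this one is easy to get subtly wrong, so here is a small checker for it, added as an example and not part of the original post or of FreeRADIUS. It assumes the usual users-file layout (indented reply items, a comma after every item except the last) and the GSM triplet sizes, and also checks that the three RAND values differ; `check_entry` and `SAMPLE` are names made up for this example.

```python
import re

# GSM triplet field sizes in bytes: RAND 128 bit, SRES 32 bit, Kc 64 bit.
SIZES = {"RAND": 16, "SRES": 4, "KC": 8}
ITEM = re.compile(r"^EAP-Sim-(RAND|SRES|KC)([1-3])\s*=\s*0x([0-9a-fA-F]*)(,?)$")

# Constructed sample: the test entry from the post, laid out as assumed above.
SAMPLE = """\
vpn1  Auth-Type := EAP, EAP-Type := SIM
    EAP-Sim-RAND1 = 0x101112131415161718191a1b1c1d1e1f,
    EAP-Sim-SRES1 = 0xd1d2d3d4,
    EAP-Sim-RAND2 = 0x202122232425262728292a2b2c2d2e2f,
    EAP-Sim-SRES2 = 0xe1e2e3e4,
    EAP-Sim-RAND3 = 0x303132333435363738393a3b3c3d3e3f,
    EAP-Sim-SRES3 = 0xf1f2f3f4,
    EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
    EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
    EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7
"""

def check_entry(text):
    """Return a list of problems found in one users-file entry (empty = OK)."""
    items = [l for l in text.splitlines() if l.strip()][1:]  # skip check-item line
    problems, seen = [], {}
    for n, raw in enumerate(items):
        if not raw[0].isspace():
            problems.append(f"reply item not indented: {raw.strip()}")
        m = ITEM.match(raw.strip())
        if not m:
            problems.append(f"unrecognised item: {raw.strip()}")
            continue
        kind, idx, hexval, comma = m.groups()
        last = n == len(items) - 1
        if last and comma:
            problems.append("trailing comma after last reply item")
        if not last and not comma:
            problems.append(f"missing comma after EAP-Sim-{kind}{idx}")
        if len(hexval) != 2 * SIZES[kind]:
            problems.append(f"EAP-Sim-{kind}{idx}: expected {SIZES[kind]} bytes")
        seen[(kind, idx)] = hexval.lower()
    for kind in SIZES:
        for idx in "123":
            if (kind, idx) not in seen:
                problems.append(f"missing EAP-Sim-{kind}{idx}")
    rands = [seen.get(("RAND", i)) for i in "123"]
    if None not in rands and len(set(rands)) < 3:
        problems.append("RAND values are not distinct")
    return problems
```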

Now let's see what I do about AKA… not supported by the freeradius people, but there are various patches made by well-wishers everywhere :P :P

Ah, btw: on the NetScreen 5200:

set auth-server "VPN-Debian" id 1
set auth-server "VPN-Debian" server-name "10.205.17.70"
set auth-server "VPN-Debian" account-type eap-ikev2
set auth-server "VPN-Debian" radius port 1812
set auth-server "VPN-Debian" radius secret "bm5dVOi8N1UDuRsb8lCRiN78zqnocRdkJA=="
set auth-server "VPN-Debian" radius compatibility rfc-2138

and a tiny little gateway:

set ike gateway ikev2 "24s2seap1" address 8.0.0.1 local-id "170.2.0.1" outgoing-interface "ethernet2/2" proposal "rsa-g2-3des-md5-360"
set ike gateway ikev2 "24s2seap1" cert my-cert-hash BC1D04E0E20D4D05F776E30C34830ED9844DC79C
set ike gateway ikev2 "24s2seap1" cert peer-ca-hash 7B236EFB192B6B5360CA7ECDE252191495E9A36B
set ike respond-bad-spi 1
