Descarcat si compilat cu suport de sim si openssl, ca poate imi da prin cap ca vreau si tls 
Si … primul meu user:
vpn1 Auth-Type := EAP, EAP-Type := SIM
EAP-Sim-RAND1 = 0x101112131415161718191a1b1c1d1e1f,
EAP-Sim-SRES1 = 0xd1d2d3d4,
EAP-Sim-RAND2 = 0x202122232425262728292a2b2c2d2e2f,
EAP-Sim-SRES2 = 0xe1e2e3e4,
EAP-Sim-RAND3 = 0x303132333435363738393a3b3c3d3e3f,
EAP-Sim-SRES3 = 0xf1f2f3f4,
EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7,
EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7,
EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7,
Acum sa vedem ce fac cu AKA-ul…nesuportat de oamenii de la freeradius, dar cu patch-uri diverse facute de binevoitorii de pretutindeni
Ah, btw: pe NetScreen 5200:
set auth-server “VPN-Debian” id 1
set auth-server “VPN-Debian” server-name “10.205.17.70″
set auth-server “VPN-Debian” account-type eap-ikev2
set auth-server “VPN-Debian” radius port 1812
set auth-server “VPN-Debian” radius secret “bm5dVOi8N1UDuRsb8lCRiN78zqnocRdkJA==”
set auth-server “VPN-Debian” radius compatibility rfc-2138
si un gateway mititel:
set ike gateway ikev2 “24s2seap1″ address 8.0.0.1 local-id “170.2.0.1″ outgoing-interface “ethernet2/2″ proposal “rsa-g2-3des-md5-360″
set ike gateway ikev2 “24s2seap1″ cert my-cert-hash BC1D04E0E20D4D05F776E30C34830ED9844DC79C
set ike gateway ikev2 “24s2seap1″ cert peer-ca-hash 7B236EFB192B6B5360CA7ECDE252191495E9A36B
set ike respond-bad-spi 1
This entry was posted
on Friday, June 19th, 2009 at 6:43 pm and is filed under Uncategorized.
You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
If you want to see my LinkedIn profile, click on this button:
2 comments so far
Leave a reply