-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Peter,
On 08/30/2014 12:04 AM, Peter Hsiang wrote: > The 3GPP TS 33.402 spec (rel12) chapter 8.2.2 (top of page 33) says that the > first IKE_AUTH request sends the user identity (in IDi payload) and the APN > information > (in the IDr payload). Looking at the Strongswan source, I did not find any > implementation of sending the APN in the IDr ? You should definitely have a look at the src/libcharon/plugins/eap_aka* plugins. They certainly handle what you are looking for. > Looking at RFC 4306 for the packet format, there is no mentioning of APN. Correct, that's the (meanwhile obsoleted IKEv2 standard, see http://tools.ietf.org/html/rfc5996 for the more current version). > > Does anyone know if the APN is required, and what the IKE_AUTH message might > use it for? I guess, it's right in your document: '[...]The ePDG sends the Authentication and Authorization Request message to the 3GPP AAA Server, containing the user identity and APN. [...]' page 33, paragraph number 3. > > > Related code: > > - libcharon/encoding/payloads/id_payload.c > > - libcharon/encoding/message.c > > - libcharon/sa/ikev2/tasks/ike_auth.c (method build_i) > > > > The comment in method build_i suggests that IDr is optional? It's optional with IKEv2, EAP-AKA is quite a blank spot in my knowledge base, but it seems to require it (judging from your cited document). I guess Martin will be able to shed some more light on this tomorrow since he implemented the plugins. Cheers, Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlQDf8sACgkQ2/ggQBUI/slGHQCePIR62KTK/KOciSQEEtlF8FEa EiIAoJwJQ62Mhu1P4vnqSknflBUh3H3o =1uHh -----END PGP SIGNATURE----- _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
