17 Feb
2025
17 Feb
'25
2:21 p.m.
Hi Subhajit,
I have a question regarding the strongSwan
configuration. Could you please share the ipsec.conf or swanctl.conf that you used when
testing with real phones? I’d like to see what authentication method was used in your test
case. Based on my understanding, it could be either PSK (Pre-Shared Key) or
certificate-based.
Additionally, since mobile devices typically send a
CERTREQ by default, I’m curious how you managed to validate it at the ePDG end. Also,
could you explain how tunnel authentication was handled/configured in your setup? Any
further details would be appreciated.
no it's based on EAP-AKA or EAP-AKA' which allows mutual authentication. Yes, the
certificate would also improve the situation, but it's optional.
You can find a description of my setup here:
https://projects.osmocom.org/projects/osmo-epdg/wiki/Hosted_epdg_playground
Further to read:
https://projects.osmocom.org/projects/osmo-epdg/wiki/EPDG_implementation_pl…
I used the following setup for testing:
https://gitea.osmocom.org/ims-volte-vowifi/ansible-prototype/src/branch/mas…
Best,
lynxis