strongSwan KVM Tests / ikev2-stroke / rw-eap-ttls-radius

Test ikev2-stroke/rw-eap-ttls-radius

Description

The roadwarriors carol and dave each set up a connection to gateway moon. At the outset, the gateway authenticates itself to the clients by sending an IKEv2 RSA signature accompanied by a certificate. carol and dave then each set up an EAP-TTLS tunnel via moon to the FreeRADIUS server alice, which is authenticated by an X.509 AAA certificate. The strong EAP-TTLS tunnel protects the ensuing weak client authentication based on EAP-MD5. carol presents the correct MD5 password and succeeds, whereas dave chooses the wrong password and fails.
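The inner EAP-MD5 exchange that the tunnel protects, as an added Python sketch (not strongSwan or FreeRADIUS code). It models only the inner method, not TLS or RADIUS transport; the passwords, the identifier value 7, the use of the Name field to carry the user name, and all function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4

def build_md5_packet(code, identifier, value, name=b""):
    """Encode an EAP MD5-Challenge packet (RFC 3748, section 5.4)."""
    body = bytes([EAP_TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_md5_packet(packet):
    """Decode and validate a packet; return (code, id, value, name)."""
    if len(packet) < 6:
        raise ValueError("truncated EAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or packet[4] != EAP_TYPE_MD5:
        raise ValueError("bad length or not EAP-MD5")
    size = packet[5]
    if 6 + size > length:
        raise ValueError("Value-Size exceeds packet")
    return code, identifier, packet[6:6 + size], packet[6 + size:]

def md5_response(identifier, password, challenge):
    """CHAP digest: MD5(Identifier || password || challenge) (RFC 1994)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def client_respond(request, password, name):
    code, identifier, challenge, _ = parse_md5_packet(request)
    if code != EAP_REQUEST:
        raise ValueError("expected EAP-Request")
    digest = md5_response(identifier, password, challenge)
    return build_md5_packet(EAP_RESPONSE, identifier, digest, name)

def server_verify(request, response, users):
    # The server must hold the cleartext password to recompute the digest.
    _, req_id, challenge, _ = parse_md5_packet(request)
    code, resp_id, digest, name = parse_md5_packet(response)
    stored = users.get(name)
    if code != EAP_RESPONSE or resp_id != req_id or stored is None:
        return False
    return hmac.compare_digest(digest, md5_response(req_id, stored, challenge))

def run_demo():
    # Constructed credentials; carol answers correctly, dave does not.
    users = {b"carol": b"constructed-secret-1", b"dave": b"constructed-secret-2"}
    req = build_md5_packet(EAP_REQUEST, 7, os.urandom(16), b"alice")
    ok = server_verify(req, client_respond(req, users[b"carol"], b"carol"), users)
    bad = server_verify(req, client_respond(req, b"wrong-guess", b"dave"), users)
    return ok, bad

if __name__ == "__main__":
    print(run_demo())
```

The method authenticates only the client and derives no session keys, which is why the test runs it inside the server-authenticated EAP-TTLS tunnel rather than directly over IKEv2.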
