projects / thirdparty / strongswan.git / blame
| Commit | Line | Data |
|---|---|---|
| 535f5d8a AS |
1 | The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each to gateway <b>moon</b> |
| 2 | using EAP-TTLS authentication only with the gateway presenting a server certificate and | |
| 3 | the clients doing EAP-MD5 password-based authentication. | |
| 75598e50 AS |
4 | <p/> |
| 5 | In a next step the <b>RFC 7171 PT-EAP</b> transport protocol is used within the EAP-TTLS | |
| 6 | tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0 </b> | |
| 7 | client-server interface compliant with <b>RFC 5793 PB-TNC</b>. The IMCs and IMVs exchange | |
| 8 | messages over the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. | |
| 535f5d8a AS |
9 | <p> |
| 10 | The first time the TNC clients <b>carol</b> and <b>dave</b> send their measurements, | |
| 11 | TNC server <b>moon</b> requests a handshake retry. In the retry <b>carol</b> succeeds | |
| 12 | and <b>dave</b> fails. Thus based on this second round of measurements the clients are connected | |
| 13 | by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively. | |
| 14 | </p> |