Bug #5924
closed
strongswan: gsup: implement Server Assignment Request/Answer
Added by lynxis about 1 year ago.
Updated 8 months ago.
Description
Implement the Server Assignment Request as GSUP Location Update Request/Answer.
In strongswan, register the osmo-epdg as listener->authorize().
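METHOD(listener_t, authorize, bool,
	private_ext_auth_listener_t *this, ike_sa_t *ike_sa,
	bool final, bool *success)
{
	/* sketch: eap_aka_finish() and the gsup_*() helpers are placeholders */
	if (eap_aka_finish())
	{
		gsup_location_update();
		/* setting *success to FALSE rejects the IKE_SA */
		*success = gsup_outcome_location_update();
	}
	return TRUE; /* stay registered as listener */
}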
The following plugins already do this:
- ext_auth (best match)
- whitelist
- save_keys.
The final flag might be too late.
- Description updated (diff)
- Assignee set to lynxis
The authorize() is called after sending the EAP_SUCCESS.
We could track the EAP_SUCCESS message by hooking into message(). This would not require any further modifications to the strongswan core.
As an alternative, it would be possible to add a hook similar to authorize() to the EAP code in src/libcharon/sa/ikev2/authenticators/eap_authenticator.c:
	this->ike_sa->set_condition(this->ike_sa, COND_EAP_AUTHENTICATED,
								TRUE);
	this->eap_complete = TRUE;
	return eap_payload_create_code(EAP_SUCCESS, in->get_identifier(in));
Side note:
The authorize() callback is a good place to do the Tunnel Request/Response.
- Status changed from New to In Progress
- % Done changed from 0 to 60
I've implemented the Location Update Request as a hook before returning EAP_SUCCESS.
To make testing easier, the ePDG will answer Insert Subscriber Data Requests, so the ePDG can be run against the osmo-hlr.
- Status changed from In Progress to Resolved
- % Done changed from 60 to 100
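Because authorize() only runs after EAP_SUCCESS has been sent, the location update result has to be evaluated before the EAP code is chosen. The following added example is not code from osmo-epdg or strongswan; it models that decision as a fail-closed gate over a GSUP answer. The function names are hypothetical, and the GSUP values (message types 0x05/0x06, IMSI IE 0x01, type byte followed by TLV IEs) are assumptions based on libosmocore's GSUP definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EAP codes per RFC 3748. */
enum { EAP_CODE_SUCCESS = 3, EAP_CODE_FAILURE = 4 };
/* Assumed GSUP values (Update Location Error/Result, IMSI IE). */
enum { GSUP_MSGT_UL_ERROR = 0x05, GSUP_MSGT_UL_RESULT = 0x06, GSUP_IE_IMSI = 0x01 };

/* Find IE `tag` in the TLV list after the message type byte.
 * Returns the value pointer and sets *len, or NULL if absent or truncated. */
static const uint8_t *gsup_find_ie(const uint8_t *msg, size_t msg_len,
                                   uint8_t tag, size_t *len)
{
	size_t off = 1;
	while (off + 2 <= msg_len) {
		size_t l = msg[off + 1];
		if (off + 2 + l > msg_len)
			return NULL; /* IE length runs past the buffer: malformed */
		if (msg[off] == tag) {
			*len = l;
			return msg + off + 2;
		}
		off += 2 + l;
	}
	return NULL;
}

/* Hypothetical gate run before the EAP code is sent. Only an Update Location
 * Result that carries the IMSI we asked about yields EAP-Success. */
int eap_code_after_location_update(int aka_ok, const uint8_t *imsi, size_t imsi_len,
                                   const uint8_t *answer, size_t answer_len)
{
	size_t len = 0;
	const uint8_t *val;
	if (!aka_ok || !answer || answer_len < 1)
		return EAP_CODE_FAILURE; /* AKA failed, or no answer (e.g. timeout) */
	if (answer[0] != GSUP_MSGT_UL_RESULT)
		return EAP_CODE_FAILURE; /* error or unexpected message type */
	val = gsup_find_ie(answer, answer_len, GSUP_IE_IMSI, &len);
	if (!val || len != imsi_len || memcmp(val, imsi, len) != 0)
		return EAP_CODE_FAILURE; /* answer is for a different subscriber */
	return EAP_CODE_SUCCESS;
}

int main(void)
{
	/* constructed sample: IMSI IE value and a matching Update Location Result */
	const uint8_t imsi[] = {0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf1};
	const uint8_t ok[] = {0x06, 0x01, 0x08, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0xf1};
	printf("%d\n", eap_code_after_location_update(1, imsi, sizeof(imsi), ok, sizeof(ok)));
	return 0;
}
```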