> Sending Access-Accept of id 23 to 192.168.10.10 port 6001
>         MS-MPPE-Recv-Key =
> 0xdd32bb1bf83d56f4493782d3244f5d501011ffce043c3f5d70fb2f8ec22675c7
>         MS-MPPE-Send-Key =
> 0xd131eacf354482cec6a997bd7b25e7660f96c85f0290572af781fbe6f79e31fa
>         EAP-Message = 0x03080004
>         Message-Authenticator = 0x00000000000000000000000000000000
>         Service-Type = Framed-User
>         Framed-MTU = 1400
>         WiMAX-HA-RK-Lifetime = 172788
>         WiMAX-hHA-IP-MIP4 = 172.16.10.10
>         WiMAX-HA-RK-Key = 0xe3004e23455fd2e998b8def4dfe9ddaa34528742
>         WiMAX-HA-RK-SPI = 283734
>         WiMAX-FA-RK-Key = 0x85dd1a75f40398fe0168602b3a200a235db058fd
>         WiMAX-MSK =
> 0xdd32bb1bf83d56f4493782d3244f5d501011ffce043c3f5d70fb2f8ec22675c7d131eacf354482cec6a997bd7b25e7660f96c85f0290572af781fbe6f79e31fa
>         WiMAX-AAA-Session-Id = 0xc4e88757e4a7773cb7868674d19199e4
>         WiMAX-Capability = 0x020301
>         WiMAX-Packet-Flow-Descriptor =
> 0x01040001030600000002040303050307060301
>         WiMAX-DNS-Server = 172.16.1.1
>         Session-Timeout = 43200
>         Termination-Action = RADIUS-Request
>         Chargeable-User-Identity = "t...@testwimax.com"
>         WiMAX-MN-hHA-MIP4-Key = 0x58c32ecc237cdc44474cc0a32b4203e511c6d569
>         WiMAX-MN-hHA-MIP4-SPI = 571665657
>         WiMAX-FA-RK-SPI = 571665656
>
> In phase 2, ASN-GW send the MobileIP registration request to Home Agent.
> The Home Agent will check this MIP RRQ is valid or not by sending a radius
> request to AAA.
>
> FreeRADIUS received the request as below:
>
> rad_recv: Access-Request packet from host 172.16.10.10 port 52511, id=10,
> length=213
>         Packet-Type = Access-Request
>         User-Name = "t...@testwimax.com"
>         NAS-IP-Address = 172.16.10.10
>         NAS-Identifier = "HA_1"
>         WiMAX-HA-RK-SPI = 283734
>         Framed-IP-Address = 0.0.0.0
>         WiMAX-MN-HA-MIP4-SPI = 571665657
>         WiMAX-hHA-IP-MIP4 = 172.16.10.10
>         Vendor-Specific = 0x00001fe4180600000003
>         Vendor-Specific = 0x00001fe4a906d34f3f31
>         WiMAX-Release = "1.0"
>         WiMAX-Accounting-Capabilities = 3
>         WiMAX-GMT-Timezone-offset = 28800
>         Service-Type = Framed-User
>         Event-Timestamp = "Sep 30 2009 15:21:22 CST"
>         Message-Authenticator = 0x30f398da4df2f3673568f56b36063a2b
>         Chargeable-User-Identity = "NUL"
>
> I set the FreeRADIUS to send the Home Agent the Access-accept packet with
> some attribute(WiMAX-HA-RK-SPI,WiMAX-HA-RK-Key) with fixed value.
> But the FreeRADIUS can not generate the WiMAX-MN-hHA-MIP4-Key and
> WiMAX-MN-hHA-MIP4-SPI for that request.
> so Home Agent fail to validate the MIP RRQ because short of the
> attribute(WiMAX-MN-hHA-MIP4-Key and WiMAX-MN-hHA-MIP4-SPI).
> Is that any configurations for FreeRADIUS to generate the original
> WiMAX-MN-hHA-MIP4-Key and WiMAX-MN-hHA-MIP4-SPI for Home Agent
> Authentication request,
> or can the FreeRADIUS cache the keys been generated in phase 1 and for use
> in phase 2 authentication?

It seems that gateway included original WiMAX-MN-hHA-MIP4-SPI as
WiMAX-MN-HA-MIP4-SPI in the request for Home Agent. It should also include
WiMAX-MN-hHA-MIP4-Key from the Access-Accept. Freeradius can't link
authentication and Home Agent requests (so not much point in cacheing).
Link should be made by the gateway.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to