Hi Subhajit,

> I have a question regarding the strongSwan configuration. Could you please
> share the ipsec.conf or swanctl.conf that you used when testing with real
> phones? I’d like to see what authentication method was used in your test
> case. Based on my understanding, it could be either PSK (Pre-Shared Key) or
> certificate-based.
>
> Additionally, since mobile devices typically send a CERTREQ by default, I’m
> curious how you managed to validate it at the ePDG end. Also, could you
> explain how tunnel authentication was handled/configured in your setup? Any
> further details would be appreciated.

No, it's based on EAP-AKA or EAP-AKA', which allows mutual authentication. Yes, the certificate would also improve the situation, but it's optional.

You can find a description of my setup here:
https://projects.osmocom.org/projects/osmo-epdg/wiki/Hosted_epdg_playground

Further to read:
https://projects.osmocom.org/projects/osmo-epdg/wiki/EPDG_implementation_plan

I used the following setup for testing:
https://gitea.osmocom.org/ims-volte-vowifi/ansible-prototype/src/branch/master/roles/epdg/templates/swanctl/swanctl.conf

Best,
lynxis
