[Openswan Users] IPSec tunnels with EAP-SIM

Christian Horn chorn at fluxcoil.net
Tue Oct 10 08:27:41 EDT 2006


On Tue, Oct 10, 2006 at 02:10:03PM +0200, liran tal wrote:
> I've been asked to provide a solution for an IPSec tunnel which makes use of
> information stored on a SIM card
> (like the one used in GSM phones) to encrypt the tunnel or perform some sort
> of intervention.

SIM-cards are used by mobiles, the bigger family of smartcards they belong
to are more interesting here. Simplest use i can imagine is to get two
empty smartcards, create two pairs of public/private keypairs, store one
of the pairs on the cards, and use them to authenticate to each other
when establishing an ipsec connection.
One can also setup an own CA and use the cards there.

For a start to test the setup you can also use the keypairs from files
instead from using smartcards.
For using the smartcards libopensc (www.opensc-project.org) is used for
the cardaccess by OpenSwan.


Have fun, Christian.


More information about the Users mailing list