Hi, I am having trouble understanding the EAP-TLS authentication when requests are proxied. I want to know how MS-MPPE-Send-Key and MS-MPPE-Recv-Keys are transferred in proxy.. since these keys contain values calculated with EAP-Messages exchanged hashed with shared secret bla bla. Does the proxy keep its own EAP state and varialbe and calculates the Message Authenticator. or free-radius ignores these keys when exchanging EAP messages. regards
M Arif wrote:
I am having trouble understanding the EAP-TLS authentication when requests are proxied.
There is nothing magic.
I want to know how MS-MPPE-Send-Key and MS-MPPE-Recv-Keys are transferred in proxy..
They are transferred verbatim by the proxy.
since these keys contain values calculated with EAP-Messages exchanged hashed with shared secret bla bla.
The *values* are transferred verbatim. The *encrypted* versions are decrypted when the proxy receives a reply from the home server, and encrypted by the proxy when it sends a reply to the client.
Does the proxy keep its own EAP state and varialbe and calculates the Message Authenticator. or free-radius ignores these keys when exchanging EAP messages.
That questions makes no sense. The process of handling the MPPE keys is *exactly* the same as proxying User-Password. There is no magic. It is very simple. Alan DeKok.
participants (2)
-
Alan DeKok -
M Arif