The software XpressVPN from Xpressent is used for the IPsec tunnel on the femtocell.

installation

  • strongswan : install IPsec implementation
  • server : server config
  • client : client config
  • keys : how to extract IPsec keys and decrypt the traffic

connection

authentication :

  • the femtocell/client/initiator is authenticated using EAP-SIM, which relies on the SIM card
  • the SeGW/server/responder is authenticated using a certificate. The CA is operator/gwcert.der

communication ciphers :

  • encryption : encr_aes_cbc_128
  • authentication/integrity : auth_hmac_sha1_96
  • pseudo-random-function : prf_hmac_sha1
  • diffie-hellman : group 2 1024 bits modp

ports :

  • the SFR IPsec server unc1-ch1.fr.sfr.com only listens on port 4500. Normally IKE_SA_INIT is sent to port 500, but it can also be sent to port 4500 by prepending 4 zero bytes (the non-ESP marker)
  • the femto client uses source port 5101, but it is not required
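
The port 4500 framing described above, as an added example that is not part of the original wiki: it prepends the non-ESP marker to an IKEv2 header and classifies UDP 4500 payloads as IKE, ESP or NAT keepalive, which is the first step when sorting a capture of this tunnel. The function names and sample bytes are constructed for illustration; the header layout follows RFC 7296 and the marker and keepalive rules follow RFC 3948.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4            # 4 zero bytes precede IKE on UDP 4500
# SPIi, SPIr, next payload, version, exchange type, flags, message ID, length
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}


def build_ike_header(spi_i, spi_r, exchange, flags, msg_id, body=b""):
    """Build an IKEv2 (version 2.0) header followed by an optional body."""
    length = IKE_HDR.size + len(body)
    return IKE_HDR.pack(spi_i, spi_r, 0, 0x20, exchange, flags, msg_id, length) + body


def wrap_for_port_4500(ike_message):
    """Frame an IKE message for UDP 4500 by prepending the non-ESP marker."""
    return NON_ESP_MARKER + ike_message


def classify_udp4500(payload):
    """Classify one UDP port-4500 payload: NAT keepalive, ESP or IKE."""
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed"}
    if payload[:4] != NON_ESP_MARKER:
        # A non-zero first word is the SPI of a UDP-encapsulated ESP packet.
        return {"kind": "esp", "spi": payload[:4].hex()}
    ike = payload[4:]
    if len(ike) < IKE_HDR.size:
        return {"kind": "malformed"}
    spi_i, spi_r, _np, ver, exch, flags, msg_id, length = IKE_HDR.unpack_from(ike)
    if length != len(ike):               # length field covers header + payloads
        return {"kind": "malformed"}
    return {"kind": "ike", "version": f"{ver >> 4}.{ver & 0xF}",
            "exchange": EXCHANGES.get(exch, str(exch)),
            "initiator": bool(flags & 0x08), "response": bool(flags & 0x20),
            "message_id": msg_id, "spi_i": spi_i.hex(), "spi_r": spi_r.hex()}


# Constructed samples (not captured traffic).
SAMPLE_INIT = wrap_for_port_4500(
    build_ike_header(bytes.fromhex("0102030405060708"), bytes(8), 34, 0x08, 0))
SAMPLE_ESP = bytes.fromhex("c0ffee01") + bytes.fromhex("00000001") + bytes(32)

if __name__ == "__main__":
    for sample in (SAMPLE_INIT, SAMPLE_ESP, b"\xff"):
        print(classify_udp4500(sample))
```
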
ipsec.txt · Last modified: 2011/08/30 15:40 by femto
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported