Does hostapd support EAP-AKA fast re-authentication?

dennis dang dennis.dang1130
Mon Aug 30 01:16:56 PDT 2010

Hi All,

I'm trying to do some EAP-AKA authentication test with radius server.

I'm using the following testbed. Strongswan-4.3.6 is used as the EAP-AKA
peer and server. Hostapd-0.6.10 is used as the radius server.


Radius server / HLR_Auc



                           H1 --------- NUT1 ===================== NUT2
--------- H2
peer                               EAP-AKA server

Tunnel IPsec is configured between NUT1 and NUT2 to protect traffic between
H1 and H2.

During the test, I launched ping from H1 to H2, then NUT1 is authenticated
by Radius server with EAP-AKA, and IPSec SAs are negotiated. Then I
terminate the connection on NUT1 and launched ping again to make a second
authentication.  Since the milenage implementation in charon and in hostapd
are different, so I modified one of them (hostapd) a little to yield the

The question is that, always full authentication is performed. I looked into
the code it seems that hostapd could process FAST RE-AUTHENTICATION, but
always a new "sm" structure is allocated, and a full authentication is

Do I miss something ?

Thanks for any reply.

-------------- next part --------------
An HTML attachment was scrubbed...

More information about the Hostap mailing list