I’ve taken a look at IMS lately and ways to access the IMS from non 3GPP networks such as Wifi hotspots and Wifi at home. Looks like 3GPP TS 23.234 and TS 33.234 contains everything required for the purpose. The first major building block of I-WLAN (Wireless Local Area Network interworking) is how the subscriber database of a 2G/3G network can be used to authenticate Wifi users that have a device with built in GSM/UMTS SIM card. For this purpose EAP/AKA or EAP/SIM is used. For EAP-SIM I’ve written a blog entry some time ago. The standard also foresees methods for the access point to deliver billing information to the 3GPP network.
What I didn’t realize at that time was that the second building block in those two documents is a method to establish an IPSec encryption tunnel between a mobile device and a gateway between an external network (e.g. the Internet) and the 3GPP core network which hosts an IMS. This gateway is called the Packet Data Gateway (PDG). The standard even says that the IPsec tunnel setup can be used without the above mentioned EAP-SIM authentication step. That’s good news as the EAP-SIM authentication requires support of the Wifi Access point while the tunnel establishment is transparent to the Wifi access point.
So let’s see maybe we’ll see 3G+/Wifi IMS devices with the ability to establish an IPSec tunnel over Wifi to the IMS of their wireless operator. Great stuff for mobile operators with DSL assets.
EAP-SIM support in APs really isn’t an issue, since even cheapie ones, like the Linksys WRT54G, support 802.1X and RADIUS. The AP is agnostic when it comes to the EAP method being used, since all the AP just forwards the access request to the RADIUS server (which does need to speak EAP-SIM).
IPSec support of devices is an issue, however. My experience on Nokia Eseries with 3rd-party clients is that they’re more trouble than they’re worth. A properly integrated client would be swell.