OpenPana Projects

OpenPana Projects (Protocol for Carrying Authentication for Network Access) is an IP-based protocol.OPenPana Projects aims for  device to authenticate itself with network.It does not define any authentication protocol, key agreement key distribution, or key derivation protocols.


PANA can be used in

  • Environments with link layer security.
  • Environments with physical layer security.
  • Environments where no lower security is available.

Architecture’s elements:

  • PaC (PANA Client).
  • PAA (PANA Authentication Agent).
  • AS (Authentication Server).
  • EP (Enforcement Point).
PaC (PANA Client):
  • The client part of the protocol is defined as PaC.
  • It is placed in node and easily reach access network.
PAA (PANA Authentication Agent):
  • Server side of PANA protocol is PAA.
  • It exchanges message with PaC for authentication and authorization.
AS (Authentication Server):
  • It is used to check the PaC’s credentials.
  • It receives the PaC’s credentials by the PAA.
  • Then it sends a packet with the result of credential checking process.
  • It has session time.
  • If this session expires it should re authenticate

EP (Enforcement Point):

  • It works in the basis of filter of a packet.
  • It is a type of node which drops packet according to the parameters it sets.

PANA signaling flow:

OpenPana signal flow

Platform Support:

Protocols supported in Openpana Projects

  • UNIX
  • Windows

Sample code for OpenPana Projects:

class PeerApplication : public PANA_ClientEventInterface



PeerApplication(PANA_Node &n) : pacSession(n, *this),

handle(EapJobHandle(AAA_GroupedJob::Create(n.Task().Job(), this, “peer”))),


(new MyPeerSwitchStateMachine(*n.Task().reactor(), handle))),





virtual ~PeerApplication()  {


void Start()





MyPeerSwitchStateMachine& Eap() { return *eap; }

// called by PANA on incomming EAP request

void EapRequest(AAAMessageBlock *request,

PANA_PINFO provider,

const PANA_CfgProviderInfo *pInfo) {


// called by PANA on incomming BIND request

void EapRequest(AAAMessageBlock *request,

ACE_UINT32 resultCode,

ACE_UINT32 pcap) {