<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>EAP is authentication protocol framework.</div><div>It encapsulates authentication method, giving both sides ability to choose method they both support.</div><div><br></div><div>There were originally only PAP and CHAP protocols to authenticate peers, then EAP was invented as extensible framework.</div><div><br></div><div>See more on EAP:</div><div><a href="https://tools.ietf.org/html/rfc3748">https://tools.ietf.org/html/rfc3748</a><br></div><div><br></div><div><br></div><div>See more on some EAP protocols:</div><div><a href="https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection">https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection</a><br></div><div><div>Currently defined methods are eap-aka,</div><div>eap-gtc, eap-md5, eap-mschapv2, eap-peap, eap-sim, eap-tls, eap-ttls, eap-dynamic, and eap-radius.</div></div><div><br></div><div>In DO example they use mschapv2. </div><div><br></div><div>Here it is: <a href="https://tools.ietf.org/html/rfc2759">https://tools.ietf.org/html/rfc2759</a></div><div>but you may need to read <a href="https://www.ietf.org/rfc/rfc1994.txt">https://www.ietf.org/rfc/rfc1994.txt</a> first</div><div><br></div><div>On server, open /etc/ipsec.secrets and set</div><div>someuser : EAP "somepass"<br></div><div><br></div><div>On Android, use "someuser" as login and "somepass" as pass.</div><div><br></div><div>Server and Android will agree on EAP protocol (mschapv2 in this case), </div><div>then mschapv2 will take place (as covered in rf1994 and rfc2759) and android will auth itself to server.</div><div><br></div><div>EAP is used for authentication only. It is not used to encrypt data after it.</div><div><br></div><div><br></div><div><br></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Dec 11, 2018 at 5:08 PM eyas barhouk <<a href="mailto:eyas37@hotmail.com">eyas37@hotmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Hello dears , </div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I'm trying to build IPsec tunneling mode to use it with strong-swan android client as the following tutorial:</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2" id="gmail-m_-7718956983620885004LPNoLP217238" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2</a><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
</div>
<div>But i didn't understand how IKEV2-EAP work, to be clear i know that the EAP is asymmetric cryptographic way, but i didn't get what is the privet & public key on it , and based on what the server encrypting and authenticating the messages, and is the username
equal to the public key and the password equal to the privet key ? </div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span style="font-family:Calibri,Helvetica,sans-serif;background-color:rgb(255,255,255);display:inline"><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span style="font-family:Calibri,Helvetica,sans-serif;background-color:rgb(255,255,255);display:inline"><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span style="font-family:Calibri,Helvetica,sans-serif;background-color:rgb(255,255,255);display:inline">Thanks in advance </span></div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span style="font-family:Calibri,Helvetica,sans-serif;background-color:rgb(255,255,255);display:inline">Best regards </span></div>
</div>
</blockquote></div>