[strongSwan] Can charon pass through unknown EAP methods with eap-radius authentication?

Thu Jul 15 17:40:55 CEST 2010

Hello,

I am currently testing the server-side support of EAP authentication by 
charon.

I could see that it supports the following methods: eap-aka, eap-sim, 
eap-gtc, eap-md5, eap-mschapv2 and eap-radius. I also read that 
vendor-specific methods can be specified in the form eap-type-vendor 
(but I don't really understand how vendor-specific methods could be used 
without extending charon).

I successfully tested the support of eap-radius (the authentication 
method between the client and radius server was MD5).

I am wondering if the eap-radius "method" will pass through EAP 
exchanges between the client and radius server when the EAP method used 
by the client and radius server is not supported by charon.

                    radius
                    server
                      |
                      |
IKEv2                IKEv2
client ===========  server ---
                   (charon)    

Typically, I would like to use the EAP-TLS and EAP-FRAP methods, that 
are not supported by charon for now.

I tried to browse the code of eap_authentifier, but I didn't find the 
answer...

Thanks for your help,
Christophe.