[strongSwan] Can charon pass through unknown EAP methods with eap-radius authentication?
Andreas Steffen
andreas.steffen at strongswan.org
Thu Jul 15 18:49:11 CEST 2010

Hello Christophe,

in principle the strongSwan server-side eap-radius plugin relays
any EAP protocol to and from a remote RADIUS server (even vendor-
specific and unsupported methods) because the eap-radius plugin
does not inspect and process the information embedded in the
generic EAP messages. Thus EAP-TLS and EAP-FRAP should pass through
smoothly (Martin, please contradict me if this isn't true ;-) )

Best regards

Andreas

On 07/15/2010 05:40 PM, Christophe Gouault wrote:
> Hello,
>
> I am currently testing the server-side support of EAP authentication by
> charon.
>
> I could see that it supports the following methods: eap-aka, eap-sim,
> eap-gtc, eap-md5, eap-mschapv2 and eap-radius. I also read that
> vendor-specific methods can be specified in the form eap-type-vendor
> (but I don't really understand how vendor-specific methods could be used
> without extending charon).
>
> I successfully tested the support of eap-radius (the authentication
> method between the client and radius server was MD5).
>
> I am wondering if the eap-radius "method" will pass through EAP
> exchanges between the client and radius server when the EAP method used
> by the client and radius server is not supported by charon.
>
>                           radius
>                           server
>                             |
>                             |
>     IKEv2                 IKEv2
>     client  =========== server ---
>                          (charon)
>
> Typically, I would like to use the EAP-TLS and EAP-FRAP methods, that
> are not supported by charon for now.
>
> I tried to browse the code of eap_authentifier, but I didn't find the
> answer...
>
> Thanks for your help,
> Christophe.
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
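
The pass-through behaviour discussed in this thread, as an added example (not strongSwan's code and not part of either message): a relay only needs the 4-octet EAP header to carry any method inside RADIUS EAP-Message attributes (type 79, RFC 3579), so EAP-TLS and a vendor-specific Expanded Type are handled identically. The function names, the vendor id/type and both sample packets are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79      # RADIUS attribute type for EAP-Message (RFC 3579)
MAX_ATTR_VALUE = 253  # a RADIUS attribute value holds at most 253 octets


def eap_to_radius_attrs(eap_packet: bytes) -> bytes:
    """Wrap one EAP packet in EAP-Message attributes without reading its Type."""
    if len(eap_packet) < 4:
        raise ValueError("EAP packet shorter than its 4-octet header")
    _code, _ident, length = struct.unpack("!BBH", eap_packet[:4])
    if length < 4 or length > len(eap_packet):
        raise ValueError("EAP Length field does not match the data received")
    body = eap_packet[:length]  # ignore any padding after Length octets
    out = bytearray()
    for off in range(0, len(body), MAX_ATTR_VALUE):
        chunk = body[off:off + MAX_ATTR_VALUE]
        out += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    return bytes(out)


def radius_attrs_to_eap(attrs: bytes) -> bytes:
    """Concatenate EAP-Message values, in order, back into one EAP packet."""
    eap = bytearray()
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = attrs[pos], attrs[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attrs):
            raise ValueError("malformed RADIUS attribute length")
        if attr_type == EAP_MESSAGE:  # other attributes are skipped
            eap += attrs[pos + 2:pos + attr_len]
        pos += attr_len
    if len(eap) < 4 or struct.unpack("!H", eap[2:4])[0] != len(eap):
        raise ValueError("reassembled EAP packet has inconsistent Length")
    return bytes(eap)


def make_eap_response(identifier: int, type_data: bytes) -> bytes:
    """Build a constructed EAP Response (Code 2); type_data starts at Type."""
    return struct.pack("!BBH", 2, identifier, 4 + len(type_data)) + type_data


# Constructed samples: EAP-TLS (Type 13) and an Expanded Type (254) carrying a
# made-up vendor id and vendor type. The relay never looks at either Type.
SAMPLE_TLS = make_eap_response(7, bytes([13, 0x00]) + b"\xAA" * 600)
SAMPLE_VENDOR = make_eap_response(
    8, bytes([254]) + b"\x00\x12\x34" + b"\x00\x00\x00\x01" + b"hi")
```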