[strongSwan] options for xauth authentication and ipsec.secrets

Paul Dekkers ipsec at pade.nl
Mon Feb 21 17:41:08 CET 2011


I'd like to verify xauth username/password authentication with a
database (RADIUS or LDAP or so). So far it seems I can only add these
credentials in /etc/ipsec.secrets - is that true? (Sounds a little
inflexible to me ;-))

One more question related to ipsec.secrets; it's true I cannot have a
different shared secret per user, right? It's clearly preferred to use
certificates for this, but not all clients are capable of it (for
instance the iPhone can only use a shared secret with L2TP, but is able
to use a certificate in IPSEC mode (but that uses XAUTH and does again
not allow me to relay authentication via RADIUS to use tokens or so...)).


