[strongSwan] TNCCS-2.0 - radius
Andreas Steffen
andreas.steffen at strongswan.org
Tue Jun 28 21:59:03 CEST 2011
Hello Terry,
I assume that you are using FreeRADIUS with the TNC at FHH patch which
supports IF-TNCCS 1.1 only. At the TCG Members Meeting in Munich
two weeks ago I talked to Josef von Helden from FH Hannover and he
said that they might support IF-TNCCS 2.0 sometime in the future.
You can build strongSwan with both tnccs-11 and tnccs-20 enabled
and can then specify the protocol to be used in strongswan.conf
http://www.strongswan.org/uml/testresults45dr/tnc/tnccss-20/carol.strongswan.conf
with tnccs-11 being the default. If you use a strongSwan VPN
gateway as a TNC server (without an external RADIUS server)
then you can additionally enable the tnccs-dynamic plugin
which automatically detects whether the TNC client is using
the 1.1 or 2.0 protocol.
http://www.strongswan.org/uml/testresults45dr/tnc/tnccs-dynamic/moon.strongswan.conf
Best regards
Andreas
On 28.06.2011 21:44, Terry Hennessy wrote:
> Hello,
>
> I was able to set a configuration very similar
> to***ikev2/rw-eap-tnc-11-radius,
> *http://www.strongswan.org/uml/testresults/ikev2/rw-eap-tnc-11-radius/
>
> Before I spend time trying to tweak the config, I was wondering if it is
> possible to use tnccs-2.0 instead? I don't have a any requirement to use
> tnccs-2.0 other than it's newer.
>
> A second question, I assume that strongswan can be built with both the
> --enable-eap-tnccs-11 and --enable-eap-tnccs-20 options? Those aren't
> mutually exclusive are they?
>
>
> Terry Hennessy
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list