[strongSwan] TNCCS-2.0 - radius

Andreas Steffen andreas.steffen at strongswan.org
Tue Jun 28 21:59:03 CEST 2011

Hello Terry,

I assume that you are using FreeRADIUS with the TNC at FHH patch which
supports IF-TNCCS 1.1 only. At the TCG Members Meeting in Munich
two weeks ago I talked to Josef von Helden from FH Hannover and he
said that they might support IF-TNCCS 2.0 sometime in the future.

You can build strongSwan with both tnccs-11 and tnccs-20 enabled
and can then specify the protocol to be used in strongswan.conf


with tnccs-11 being the default. If you use a strongSwan VPN
gateway as a TNC server (without an external RADIUS server)
then you can additionally enable the tnccs-dynamic plugin
which automatically detects whether the TNC client is using
the 1.1 or 2.0 protocol.


Best regards


On 28.06.2011 21:44, Terry Hennessy wrote:
> Hello,
> I was able to set a configuration very similar
> to***ikev2/rw-eap-tnc-11-radius,
> *http://www.strongswan.org/uml/testresults/ikev2/rw-eap-tnc-11-radius/
> Before I spend time trying to tweak the config, I was wondering if it is
> possible to use tnccs-2.0 instead? I don't have a any requirement to use
> tnccs-2.0 other than it's newer.
> A second question, I assume that strongswan can be built with both the
> --enable-eap-tnccs-11 and --enable-eap-tnccs-20 options? Those aren't
> mutually exclusive are they?
> Terry Hennessy

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

More information about the Users mailing list