[strongSwan] TNCCS-2.0 - radius
andreas.steffen at strongswan.org
Tue Jun 28 21:59:03 CEST 2011
I assume that you are using FreeRADIUS with the TNC at FHH patch which
supports IF-TNCCS 1.1 only. At the TCG Members Meeting in Munich
two weeks ago I talked to Josef von Helden from FH Hannover and he
said that they might support IF-TNCCS 2.0 sometime in the future.
You can build strongSwan with both tnccs-11 and tnccs-20 enabled
and can then specify the protocol to be used in strongswan.conf
with tnccs-11 being the default. If you use a strongSwan VPN
gateway as a TNC server (without an external RADIUS server)
then you can additionally enable the tnccs-dynamic plugin
which automatically detects whether the TNC client is using
the 1.1 or 2.0 protocol.
On 28.06.2011 21:44, Terry Hennessy wrote:
> I was able to set a configuration very similar
> Before I spend time trying to tweak the config, I was wondering if it is
> possible to use tnccs-2.0 instead? I don't have a any requirement to use
> tnccs-2.0 other than it's newer.
> A second question, I assume that strongswan can be built with both the
> --enable-eap-tnccs-11 and --enable-eap-tnccs-20 options? Those aren't
> mutually exclusive are they?
> Terry Hennessy
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users