[strongSwan] Strongswan 5, IKEv1, Xauth and Radius?

Martin Willi martin at strongswan.org
Fri Jun 22 10:06:30 CEST 2012

Hello Kimmo,

> Does this mean that now the AAA server needs to be configured to use
> EAP, let's say EAP-MSCHAPv2?

With the xauth-eap plugin, yes. This is the same configuration that
you'd use for IKEv2 clients, Windows 7 Agile VPN for example.

> Then AAA receives the access request from Strongswan and AAA server
> then responds or starts EAP and strongswan needs to have that
> eap-mschapv2 enabled?

Yes. AAA should request a (password based) EAP method, and the
strongSwan gateway acts as client for this EAP method using XAuth
credentials from the client. To use EAP-MSCHAPv2, pass
--enable-eap-mschapv2 to ./configure (and enable a MD4 implementation,
either through --enable-openssl or --enable-md4).


More information about the Users mailing list