[strongSwan] strongSwan 5.0.1 with IKEv1 and freeradius

Martin Willi martin at strongswan.org
Wed Nov 14 11:47:09 CET 2012

Hi Dimitry,

> are strongSwan able to handle auth using freeradius as backend auth
> server for mac os x clients?


> I compile strongSwan with --enable-eap-radius, radius is already 
> configured and works with xl2tp (L2TP server).

We have discussed this a few times already on this list:

The eap-radius backend, as its name indicates, uses forwards EAP within
RADIUS to authenticate (usually IKEv2) users. We currently have no plain
RADIUS interface to verify User-Name/User-Password RADIUS attributes.

IKEv1 clients, in contrast to IKEv2, can't speak EAP. They just send
plain username/password attributes in the XAuth exchange. But you can
use the xauth-eap backend: it allows your gateway to do an EAP exchange
(as client) with the RADIUS server using the received XAuth credentials.

Have a look at [1] for the xauth-eap details.



More information about the Users mailing list