[strongSwan] strongSwan 5.0.1 with IKEv1 and freeradius
Martin Willi
martin at strongswan.org
Wed Nov 14 11:47:09 CET 2012
Hi Dimitry,
> are strongSwan able to handle auth using freeradius as backend auth
> server for mac os x clients?
Yes.
> I compile strongSwan with --enable-eap-radius, radius is already
> configured and works with xl2tp (L2TP server).
We have discussed this a few times already on this list:
The eap-radius backend, as its name indicates, uses forwards EAP within
RADIUS to authenticate (usually IKEv2) users. We currently have no plain
RADIUS interface to verify User-Name/User-Password RADIUS attributes.
IKEv1 clients, in contrast to IKEv2, can't speak EAP. They just send
plain username/password attributes in the XAuth exchange. But you can
use the xauth-eap backend: it allows your gateway to do an EAP exchange
(as client) with the RADIUS server using the received XAuth credentials.
Have a look at [1] for the xauth-eap details.
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/XAuthEAP
More information about the Users
mailing list