[strongSwan] VPN on-demand blackholing for unaunthenticated users

kgardenia42 kgardenia42 at googlemail.com
Fri Nov 30 16:34:18 CET 2012

On Wed, Nov 21, 2012 at 6:15 PM, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
> Hi,
> would this scenario help you?
> http://www.strongswan.org/uml/class-attributes/ikev2/rw-eap-md5-class-radius/
> You can assign the blacklisted users via a RADIUS Class attribute
> to a special confined network.

Andreas: this looks perfect.  However it seems that this requires the
IKEv2 / EAP combination.   However, to my knowledge:

* IOS clients only support IKEv1 (which cannot do EAP)
* IKEv1 (which is supported by IOS clients) cannot do EAP

Did I miss something?

If so, can you suggest a way to do anything similar for IKEv1?


More information about the Users mailing list