[strongSwan] xauth_radius plugin with Challenge/Response support

Gerald Richter - ECOS richter at ecos.de
Wed Jul 31 06:19:02 CEST 2013

Hi Martin,

Thanks for starting to integrate my patch. Of course it makes much more sense to merge it into the existing plugin (In my patch I just wanted to make as less changes to the existing code as possible, to keep it simple for me to maintain).

The main reason I created the xauth_radius plugin, was to have Challenge/Response to support OTP (it works at least with Cisco clients like on the iPhone), so hopefully it will make it after 5.1.0 into strongswan.



> -----Ursprüngliche Nachricht-----
> Von: Martin Willi [mailto:martin at strongswan.org]
> Gesendet: Montag, 29. Juli 2013 11:55
> An: Gerald Richter
> Cc: users at lists.strongswan.org
> Betreff: Re: [strongSwan] xauth_radius plugin with Challenge/Response
> support
> Hi Gerald,
> > I have implement a xauth_radius plugin which is able to do xauth
> > authentication against a radiusserver, without using eap.
> Thanks for the patches.
> Today I've merged a first version of the xauth-radius backend to the master
> branch. I've used a slightly different approach by integrating the xauth-radius
> backend directly into the eap-radius plugin. This avoids duplicating a lot of
> code, and allows us to reuse all the RADIUS goodies we already have, such as
> Accounting or assignment of virtual IPs and other attributes.
> Support for Access-Challenges is still missing. There are some other changes
> in the pipeline though, such as multiple XAuth rounds [1], for example to
> authenticate with Password and HOTP/TOTP. These won't make it into 5.1.0,
> I'd like to avoid larger changes as the release is coming soon.
> Best Regards
> Martin
> [1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/xa
> uth-radius-multi

More information about the Users mailing list