[strongSwan] IKev1 + eap-tls possible?

WorkingMan signup_mail2002 at yahoo.com
Tue Sep 17 02:23:02 CEST 2013


Is it possible to make ikev1 client (ex: ios) work with eap-radius and eap-
tls?

Only xauth-eap seems to make ikev1 work with FreeRadius (and accounting, what 
I want). In this mode certificate authentication seems to be happening on 
strongswan side (not in the RADIUS; like in the case of EAP-TLS + eap-radius).

My requirements

1) I like accounting and unified authentication with RADIUS.
2) I need to support ikev1 (ios, vista, etc)
3) I would like to avoid password (similar to xauth-noauth but for RADIUS) - 
should be just certificate authentication

Is my only option to create my own plug-in or patch existing one?

I was thinking xauth-eap works fine except for the password part. Also I would 
like the client certificate to be authenticated by RADIUS (so things are 
centralized in one place for authentication).

Give me pointers as how I can fix this with a patch.

Thanks







More information about the Users mailing list