[strongSwan] Extra EAP options for Strongswan android app

Tobias Brunner tobias at strongswan.org
Wed Sep 25 17:21:29 CEST 2013

Hi Lance,

> It is said that the strongswan android app only supports EAP-MSCHAPv2,
> EAP-MD5 and EAP-GTC.
> If I build the code myself, can I add extra EAP types to the configure
> script ?  -- say EAP-TLS

Theoretically yes, but the EAP-TLS method in particular is not an EAP
method in the app's narrow interpretation.

As the label "IKEv2 EAP (Username/Password)" indicates only EAP methods
that require username/password can currently be used.  Methods that
tunnel other EAP methods, like EAP-PEAP or EAP-TTLS would also work if
used without client certificate and if the tunneled method is based on
username/password (EAP-TTLS is actually loaded in the EAP-TNC case).

EAP-TLS is more like the "IKEv2 Certificate" option in terms of
credentials.  I suppose an option like "IKEv2 EAP-TLS (Certificate)"
could be added quite easily, if that's something you require.


More information about the Users mailing list