[strongSwan] LDAP authentication with ikev2

Cindy Moore ctmoore at cs.ucsd.edu
Fri Dec 19 22:19:32 CET 2014


Is there a way to use LDAP authentication with IKEv2?  Obviously
xauth-pam will only work with IKEv1, but in looking over the Android
strongSwan app, I notice that's IKEv2 only.

It looks to me, from looking at this page:
https://wiki.strongswan.org/projects/strongswan/wiki/EapGtc

that this is the plugin to do that?

I have already compiled strongSwan with --enable-xauth-pam; I'd need
to recompile, adding in --enable-eap-gtc.

I'm a little unclear as to what the conn would look like.  Right now,
this works fine on IKEv1 and xauth-pam:

conn roadwarrior-ldap
        keyexchange=ikev1
        leftid=vpn.sysnet.ucsd.edu
        rightauth=pubkey
        rightauth2=xauth-pam
        auto=add

Would it be sufficient to remove the forced ikev1 setting in there? Or
do I need to add in a new conn?

conn roadwarrior-ldap2
        keyexchange=ikev2
        leftid=vpn.sysnet.ucsd.edu
        rightauth=pubkey
        rightauth2=eap-gtc
        auto=add

I don't see a strongswan.d/charon/eap-gtc.conf file -- does it need one?

