[strongSwan] LDAP authentication with ikev2
Cindy Moore
ctmoore at cs.ucsd.edu
Fri Dec 19 22:19:32 CET 2014
Is there a way to use ldap authentication with ikev2? Obviously
xauth-pam will only work with ikev1, but in looking over the Android
strongSwan app, I notice that's ikev2 only.
It looks to me, from looking at this page:
https://wiki.strongswan.org/projects/strongswan/wiki/EapGtc
that this is the plugin to do that?
I already have compiled strongswan with --enable-xauth-pam; I'd need
to recompile, adding in --enable-eap-gtc.
I'm a little unclear as to what the conn would look like. Right now,
this works fine on ikev1 and xauth-pam:

conn roadwarrior-ldap
    keyexchange=ikev1
    leftid=vpn.sysnet.ucsd.edu
    rightauth=pubkey
    rightauth2=xauth-pam
    auto=add

Would it be sufficient to remove the forced ikev1 setting in there? Or
do I need to add in a new conn:

conn roadwarrior-ldap2
    keyexchange=ikev2
    leftid=vpn.sysnet.ucsd.edu
    rightauth=pubkey
    rightauth2=eap-gtc
    auto=add

I don't see a strongswan.d/charon/eap-gtc.conf file -- does it need one?