[strongSwan] IKEv1 xauth-pam to IKEv2 eap-gtc?
Martin Willi
martin at strongswan.org
Mon Nov 9 07:48:09 CET 2015
Hi John,

> The IKEv1 connections use pubkey & xauth-pam authentication:

> Is there a migration path for IKEv2 connections that makes sense? I see
> there is an eap-gtc module that supports pam but it's not clear in the
> documentation how to configure this to use a specific pam_service.

EAP is probably the way to go if you want password authentication with
IKEv2. For PAM verification the server needs the clear text password,
which can be achieved with EAP-GTC. Unfortunately, not many third-party
clients support it.

Since 5.0.1 the eap-gtc plugin uses IKEv1 XAuth backends for password
verification, see [1]. It defaults to xauth-pam, so you can continue
using your IKEv1 configuration in IKEv2.

Regards
Martin

[1] https://wiki.strongswan.org/projects/strongswan/wiki/EapGtc
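
Added example, not part of the original message and not taken from the poster's setup: a server-side sketch of the migration described above, for strongSwan 5.0.1 or later. The PAM service name `ipsec-users`, the connection name and the certificate file name are assumptions chosen for illustration.

```conf
# /etc/strongswan.conf
charon {
    plugins {
        eap-gtc {
            # XAuth backend that verifies the EAP-GTC password.
            # "pam" is the default and selects the xauth-pam plugin.
            backend = pam
        }
        xauth-pam {
            # PAM service used for verification, i.e. /etc/pam.d/<name>.
            # "ipsec-users" is a hypothetical service; the default is "login".
            pam_service = ipsec-users
        }
    }
}

# /etc/ipsec.conf
conn ikev2-eap-gtc                 # hypothetical connection name
    keyexchange=ikev2
    left=%any
    leftauth=pubkey                # gateway authenticates with its certificate first
    leftcert=gatewayCert.pem       # hypothetical file name
    right=%any
    rightauth=eap-gtc              # client password is checked through the XAuth backend
    eap_identity=%identity         # ask the client for the user name handed to PAM
    auto=add
    # To keep certificate plus password as in the IKEv1 setup, use
    #   rightauth=pubkey
    #   rightauth2=eap-gtc
    # which requires a client that supports multiple authentication rounds.
```

EAP-GTC hands the gateway the clear text password, so the client should be configured to validate the gateway certificate strictly before it answers the EAP request, and the dedicated PAM service should be limited to the accounts that are allowed to use the VPN.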