[strongSwan] IKEv1 xauth-pam to IKEv2 eap-gtc?
john at surfeasy.com
Mon Nov 9 22:17:33 CET 2015
On 2015-11-09 1:48 AM, Martin Willi wrote:
> EAP is probably the way to go if you want password authentication with
> IKEv2. For PAM verification the server needs the clear text password,
> which can be achieved with EAP-GTC. Unfortunately, not many third party
> clients support it.
Thanks for the response, Martin.
Does anyone know if any of the iOS implementations (racoon or the newer
iOS 9 agent) supports EAP-GTC? (Or should it matter?)
I tried a quick re-working of our configs but with rightauth=pubkey &
rightauth2=eap-gtc sections but it fails without calling any PAM modules
when authenticating an iOS 9.1 client:
1447103395 Nov 9 21:09:55 27[CFG] <iphone-ios8-ike-v2|7> selected peer
1447103395 Nov 9 21:09:55 27[IKE] <iphone-ios8-ike-v2|7> peer requested
EAP, config inacceptable
1447103395 Nov 9 21:09:55 27[CFG] <iphone-ios8-ike-v2|7> no alternative
More information about the Users