[strongSwan] Different authentication methods
curious_freddy at gmsl.co.uk
Wed Apr 13 13:39:56 CEST 2016
On 11/04/2016 11:32, Andreas Steffen wrote:
> authentication based on Windows Machine Certificates does not use
> IKEv2 EAP but directly employs IKEv2 public key authentication
> between VPN client and VPN gateway which very efficiently
> establishes an IPsec tunnel with a mere 4 IKEv2 messages.
Thanks for your informative response.
The exchange itself is obviously more efficient (4 vs 18 messages), but
are there any negatives? EAP-TLS is often cited (on the web) as being a,
if not THE, superior authentication method, without any reasoning as to why.
Presumably IKEv2 public key authentication is just as good from a
security point of view?
> The differentiation between Machine and User Certificates does apply
> to Windows clients only. On a strongSwan client you can use
> efficient IKEv2 public key authentication for any number of users.
Does this mean a Windows machine cannot have multiple installed Machine
certificates with different users using different ones?
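
The two client authentication methods compared in this thread, shown side by side as a gateway-side strongSwan ipsec.conf sketch. This is an added example, not configuration posted by either participant; the connection names, certificate file name and address pools are placeholders.

```conf
# /etc/ipsec.conf on the VPN gateway (added example; names and subnets are placeholders)

conn %default
    keyexchange=ikev2
    left=%any
    leftcert=gatewayCert.pem      # placeholder file name for the gateway certificate
    leftauth=pubkey               # the gateway authenticates with its certificate in both cases
    leftsubnet=0.0.0.0/0
    right=%any
    auto=add

# Client proves possession of its certificate's private key directly in IKE_AUTH.
# This is the method Windows uses with Machine Certificates, and the short
# exchange described in the quoted reply.
conn client-pubkey
    rightauth=pubkey
    rightsourceip=10.10.3.0/24    # placeholder virtual IP pool

# Client certificate is verified inside an EAP-TLS conversation carried in
# additional IKE_AUTH round trips; this is the longer exchange from the thread.
conn client-eap-tls
    rightauth=eap-tls
    eap_identity=%identity        # ask the client for its EAP identity
    rightsendcert=never           # the client certificate travels inside EAP-TLS, not in an IKE CERT payload
    rightsourceip=10.10.4.0/24    # placeholder virtual IP pool
```

In both connections the client is authenticated by an X.509 certificate validated against the gateway's trusted CAs; what differs is whether that proof is carried directly in IKEv2 or inside EAP.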