[strongSwan] Can be EAP-MSCHAPv2 considered secure?

[Andreas Steffen]

Hi,

the IKEv2 encryption effectively protects the weak EAP-MSCHAPv2
challenge/protocol so you could call this mode "secure". But please
be aware that if the user authentication does not take place on
the VPN gateway itself but on a separate AAA server then EAP-MSCHAPv2
is only marginally protected by the RADIUS protocol run between VPN
and AAA server. In that case better use MSCHAPv2 within EAP-TTLS
(supported since Windows 8) or EAP-PEAP (supported since Windows 7)
because then the authentication is protected end-to-end all between
VPN client and AAA server.

Regards

Andreas

On 24.06.2016 03:31, Artyom Aleksyuk wrote:
> Hello.
> Currently I'm using X.509 client certs with my own CA. To make things
> simpler, I'm going to move to a password-based authentication. As I
> understand, the only EAP method that works with both strongSwan Android
> and Windows 8 is EAP-MSCHAPv2. I've heard that this EAP method was
> broken (for example,
> https://technet.microsoft.com/en-us/library/security/2743314.aspx).
> However this article mentions PPTP, not IKEv2. So, should I avoid
> EAP-MSCHAPv2 in IKEv2, or it still can be considered secure?
> The second question is: is it possible to use Let's Encrypt-generated
> certs together with strongSwan?

======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4275 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160624/0ae2ca6f/attachment.bin>