[strongSwan] MultiOS to strongSwan host to network VPN?

Turbo Fredriksson turbo at bayour.com
Tue Nov 22 11:17:43 CET 2016


I’ve been trying for a couple of days now to make my strongSwan setup
connect to my LDAP/KerberosV servers.

From what I can tell there are [at least] two ways to do this:

	1. PAM - this works fine in the os/sshd etc so that was my first try
		-> My OSX/Windows7 [native] clients can’t seem to be able to authenticate
		    though :(

	2. RADIUS - really didn’t want to do that, but I could if it works
		-> Apparently that won’t work either because Windows can only do MSCHAPv2,
		    which doesn’t send cleartext passwords, which RADIUS needs :(.

Is there any other way I’ve missed?



Previously, when I installed my NAT/GW/VPN server, I used OpenS/WAN but that’s
dead and buried now apparently. So several months ago when I upgraded to the
next Linux dist version, I chose strongSwan. That’s now working just fine with
EAP-MSCHAPv2 and PSKs.

With OpenS/WAN I used L2TP (which uses PPPd) that authenticated to my Samba
server, which in turn authenticated against the LDAP/KerberosV servers.

I can’t remember now, it was years since I set it up and I didn’t look in detail when
I killed it, but RADIUS was in there somehow as well (I think between PPPd and
Samba).

But before I start setting up L2TP, PPPd, Samba and Radius just to authenticate my
VPN users, is there _ANYTHING_ I’ve missed?


I took a quick look at OpenVPN (which I’ve administered, but not set up, at a previous
employer) and apparently that can do LDAP auths. But I don’t feel much confidence in
OpenVPN (it also requires me to install a separate client - which I’d prefer not to do if
at all possible), so I’d rather not go that route either. Unless I have no choice :(.

