[strongSwan] MultiOS to strongSwan host to network VPN?
turbo at bayour.com
Tue Nov 22 11:17:43 CET 2016
I’ve been trying for a couple of days now to make my strongSwan setup
to connect to my LDAP/KerberosV servers.
From what I can tell there’s [at least] two ways to do this:
1. PAM - this works fine in the os/sshd etc so that was my first try
-> My OSX/Windows7 [native] clients can’t seem to be able to authenticate
2. RADIUS - really didn’t want to do that, but I could if it works
-> Apparently that won’t work either because Windows can only do MSCHAPv2,
which don’t send cleartext passwords, which Radius needs :(.
Is there any other way I’ve missed?
Previously, when I installed my NAT/GW/VPN server, I used OpenS/WAN but that’s
dead and buried now apparently. So several months ago when I upgraded to the
next Linux dist version, I choose strongSwan. That’s now working just fine with
EAP-MSCHAPv2 and PSKs..
With OpenS/WAN I used L2TP (which uses PPPd) that authenticated to my Samba
server, which in turned authenticated against the LDAP/KerberosV servers..
I can’t remember now, it was years since I set it up and I didn’t look in detail when
I killed it, but RADIUS was in there somehow as well (I think between PPPd and
But before I start setting up L2TP, PPPd, Samba and Radius just to authenticate my
VPN users, is there _ANYTHING_ I’ve missed?
I took a quick look at OpenVPN (which I’ve administrated, but not setup, at a previous
employer) and apparently that can do LDAP auths. But I don’t feel much confidence in
OpenVPN (it also require me to install a separate client - which I’d prefer not to do if
at all possible), so I rather not go that route either. Unless I have no choice :(.
More information about the Users