[strongSwan] authentication with EAP

Yudi V yudi.tux at gmail.com
Mon Jan 30 05:51:16 CET 2017


Hi all,

I got the below setup in ipsec.conf

conn rw_cert
        rightauth=eap-tls              #using certificate
        rightsendcert=never
        eap_identity=%any
        auto=add

conn rw_pw
        rightauth=eap-mschapv2         #using password
        eap_identity=%any
        auto=add

Each one works fine when connecting from the remote peer when testing
individually (commenting out one "conn") but If I have both listed as
above, every time only the EAP-TLS (as it's the first one listed) gets
picked up. If I change the order with EAP-MSCHAPV2 listed first then it
gets picked up every time.

Is there a way to fine tune this behavior, ie, If the remote peer is trying
to authenticate via EAP-MSCHAPV2 the server should pick the right method
(eap-mschapv2) not the first one in the list.

Note: I used the same remote peer to test the above.

-- 
Kind regards,
Yudi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170130/dfc2cadc/attachment.html>


More information about the Users mailing list