[strongSwan] Multiple Authentication Rounds

Christian Salway christian.salway at naimuri.com
Tue Jul 17 18:05:33 CEST 2018


Hello,

To quote your page [1] "With IKEv2 it is possible to use multiple authentication rounds", could this be PSK and eap-mschapv2 and do you have a configuration that would match that method?  My current configuration looks like the below.

The clients are OSX and Windows native clients so I am curious if it will work.

connections {
  radius {
     version = 2
     send_cert = always
     encap = yes
     pools = pool1
     unique = replace
     proposals = aes256-sha256-prfsha256-ecp256-modp2048
     local {
        # the id must be contained in the certificate, either as subject or as subjectAltName.
        id = ${FQDN}
        certs = cert.pem
     }
     remote {
        auth = eap-radius
        eap_id = %any
     }
     children {
        child_sa_1 {
           #esp_proposals =
           local_ts = ${LOCALCIDR}
        }
     }
  }
}



[1] https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics <https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics>

Kind regards,

Christian Salway
IT Consultant - Naimuri

T: +44 7463 331432
E: christian.salway at naimuri.com
A: Naimuri Ltd, Capstan House, Manchester M50 2UW

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180717/e2c0eee7/attachment.html>


More information about the Users mailing list