[strongSwan] Multiple Authentication Rounds
Christian Salway
christian.salway at naimuri.com
Tue Jul 17 18:05:33 CEST 2018
Hello,
To quote your page [1] "With IKEv2 it is possible to use multiple authentication rounds", could this be PSK and eap-mschapv2 and do you have a configuration that would match that method? My current configuration looks like the below.
The clients are OSX and Windows native clients so I am curious if it will work.
connections {
radius {
version = 2
send_cert = always
encap = yes
pools = pool1
unique = replace
proposals = aes256-sha256-prfsha256-ecp256-modp2048
local {
# the id must be contained in the certificate, either as subject or as subjectAltName.
id = ${FQDN}
certs = cert.pem
}
remote {
auth = eap-radius
eap_id = %any
}
children {
child_sa_1 {
#esp_proposals =
local_ts = ${LOCALCIDR}
}
}
}
}
[1] https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics <https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics>
Kind regards,
Christian Salway
IT Consultant - Naimuri
T: +44 7463 331432
E: christian.salway at naimuri.com
A: Naimuri Ltd, Capstan House, Manchester M50 2UW
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180717/e2c0eee7/attachment.html>
More information about the Users
mailing list