[strongSwan] Google Scure LDAP and User-Password
tobias at strongswan.org
Fri Feb 28 15:18:23 CET 2020
> - Can one set up Strongswan to forward password from user?
Only via EAP-GTC  are cleartext passwords from the client available.
Practically no clients other than strongSwan support this.
If you find an IKEv2 client that supports EAP-TTLS/PAP (strongSwan
itself does not), it might work too if you configure FreeRADIUS
> - What stops any user connecting to IKEv2 and attempting brute force connections against a user account.
Nothing really but strong passwords. Perhaps you could implement some
kind of delay on the RADIUS/LDAP server, or limit the number of login
attempts per username and minute to make such attacks more difficult.
More information about the Users