[strongSwan] Username/password authentication for road warriors
Philippe Strauss
philippe at strauss-engineering.ch
Fri Mar 6 17:16:47 CET 2020
I use the following with the OS X client:

    keyexchange=ikev2
    # left - server configuration
    left=%any
    leftsubnet=0.0.0.0/0 # all client traffic is redirected through vpn gateway
    leftauth=pubkey
    leftcert=cert.pem
    leftsendcert=always
    leftid=www.strauss-engineering.ch
    # right - client configuration
    right=%any
    rightsourceip=10.9.8.0/24 # pool of IPs which we provide for vpn clients
    rightauth=eap-mschapv2 # authenticate by username and password
    rightsendcert=never
    rightdns=8.8.8.8 # DNS server for clients
    rightid=%any
    eap_identity=%identity

…but I’m a strongSwan beginner, maybe someone else may have a better answer.

> On 6 March 2020 at 17:04, Alexander Reshetov <alexander.v.reshetov at gmail.com> wrote:
>
> Hello,
>
> I'm trying to implement password based VPN for multiple users. The idea is
> to provide users with server address, remote id, (probably) local id, and
> username and password. So server will have list of users auth data. I use
> MacOS's default client from System Preferences.
>
> If left side is my server, and right side is clients, what left|rightauth
> should I use in this case? It seems that for clients (right side) I need
> EAP auth. What auth should be used for server (left side) - there
> is no such configuration option in MacOS client?
--
Philippe Strauss
https://www.strauss-engineering.ch
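
The configuration above authenticates the gateway with a certificate (leftauth=pubkey) and the clients with EAP-MSCHAPv2, so the gateway also needs an ipsec.secrets file holding its private key and the list of user credentials. The fragment below is an added example, not part of the original message; the key file name and the user names and passwords are constructed placeholders.

```conf
# /etc/ipsec.secrets (added example; all values below are placeholders)

# Private key matching leftcert=cert.pem. The file name is an assumption;
# a relative name is looked up under /etc/ipsec.d/private/.
: RSA key.pem

# One line per road warrior: the EAP identity the client sends
# (eap_identity=%identity accepts whatever identity is offered),
# followed by that user's password.
alice : EAP "constructed-password-for-alice"
bob   : EAP "constructed-password-for-bob"
```

EAP-MSCHAPv2 needs the passwords in this file in usable form, so keep it readable by root only (mode 600) and reload it with `ipsec rereadsecrets` after adding or removing a user.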