[Swan] Question on EAP-TLS in 4.7
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Wed May 25 17:26:03 EEST 2022
Hi all,
I was just glad that EAP-TLS was implemented in libreswan-4.7. That's
such great news.
I am looking forward to deployment on our clients. It seems that it
would simplify certificate management to a great extent.
Is there some instruction other than this example:
# cat ./testing/pluto/interop-ikev2-strongswan-24-strongswan-eaptls/east.conf
# /usr/local/strongswan/etc/ipsec.conf - Strongswan IPsec configuration file
config setup
conn rw-eap
    left=192.1.2.23
    leftsubnet=0.0.0.0/0
    leftauth=pubkey
    leftcert=/etc/strongswan/ipsec.d/certs/east.crt
    leftid=@east.testing.libreswan.org
    right=%any
    rightsourceip=100.64.10.0/24
    rightauth=eap-tls
    rightsendcert=never
    keyexchange=ikev2
    fragmentation=yes
    ike=aes256gcm16-sha256-modp3072,aes256-sha256-modp3072,aes256gcm16-sha512-modp4096,aes256-sha256-modp1024,aes256-sha1-modp1024!
    esp=aes256gcm16-sha256-modp3072,aes256-sha256-modp3072,aes256gcm16-sha512-modp4096,aes256-sha256-modp1024,aes256-sha1!
    dpdaction=clear
    dpddelay=300s
    reauth=no
    eap_identity=%identity
    aaa_identity=east.testing.libreswan.org
    auto=add
I would also like to run VPN with already issued v4.5 client certificates simultaneously.
Is this possible in Libreswan configuration and implementation semantics?
I would appreciate any documentation.
Thank you.
Best regards,
Mirsad
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union