[Swan] Question on EAP-TLS in 4.7

Paul Wouters paul at nohats.ca
Wed May 25 17:52:32 EEST 2022

On Wed, 25 May 2022, Mirsad Goran Todorovac wrote:

> I was just glad that EAP-TLS was implemented in libreswan-4.7. That's such a 
> great news.
> I am looking forward for deployment on our clients. It seems that it would 
> simplify certificate
> management to a great extent.
> Is there some instruction other than this example:
> # cat ./testing/pluto/interop-ikev2-strongswan-24-strongswan-eaptls/east.conf
> # /usr/local/strongswan/etc/ipsec.conf - Strongswan IPsec configuration file

libreswan as a eaptls server can be found at:


> I would also like to run VPN with already issued v4.5 client certificates 
> simultaneously.

Not sure what you mean? If you mean migrating from non-eaptls to eaptls,
that _should_ work but we did not test that.


More information about the Swan mailing list