[Swan] additional authentication, like LDAP, Kerberos, RADIUS on tunnels

Brendan Kearney bpk678 at gmail.com
Thu Sep 15 20:44:31 EEST 2022

list members,

IKEv1 could employ L2TP and PPP to authenticate a user on one end of a 
tunnel against RADIUS, for additional security.  i am not seeing any 
info about IKEv2 being able to do so, and i may have come across write 
ups saying not to use L2TP at all with IKEv2.

is there a way to tie other authentication and authorization (AuthN/Z) 
mechanisms and policies to a IKEv2 tunnel for road warriors?  i see PSK 
and certificates as "host" based AuthN, and not specifically identifying 
a user.   i would want a tunnel to require (PSK || Certificate) + 
(User/Pass && Group Membership) in order to successfully connect.  is 
there any way of accomplishing this with IKEv2?

thank you,


More information about the Swan mailing list