[Swan] additional authentication, like LDAP, Kerberos, RADIUS on tunnels

Brendan Kearney bpk678 at gmail.com
Fri Sep 16 17:50:03 EEST 2022


when it comes to development, i have a negative IQ.  i literally suck 
the intelligence out of the room.  i would not want to inflict myself on 
your code :)

how else can one support this, or any other open source, project without 
code contributions?

brendan

On 9/15/22 3:28 PM, Paul Wouters wrote:
> For IKEv2 that would go via EAP.
> Currently, only EAPTLS is implemented. You are looking at EAP-mschapv2. We don’t support that yet. I know strongswan does support it.
>
> Paul
> ps. Patches or other support always welcomed 😀
>
> Sent using a virtual keyboard on a phone
>
>> On Sep 15, 2022, at 13:44, Brendan Kearney <bpk678 at gmail.com> wrote:
>>
>> list members,
>>
>> IKEv1 could employ L2TP and PPP to authenticate a user on one end of a tunnel against RADIUS, for additional security.  i am not seeing any info about IKEv2 being able to do so, and i may have come across write ups saying not to use L2TP at all with IKEv2.
>>
>> is there a way to tie other authentication and authorization (AuthN/Z) mechanisms and policies to a IKEv2 tunnel for road warriors?  i see PSK and certificates as "host" based AuthN, and not specifically identifying a user.   i would want a tunnel to require (PSK || Certificate) + (User/Pass && Group Membership) in order to successfully connect.  is there any way of accomplishing this with IKEv2?
>>
>> thank you,
>>
>> brendan
>>
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan


More information about the Swan mailing list