[Swan] additional authentication, like LDAP, Kerberos, RADIUS on tunnels

Paul Wouters paul at nohats.ca
Fri Sep 16 20:19:02 EEST 2022

On Sep 16, 2022, at 10:50, Brendan Kearney <bpk678 at gmail.com> wrote:
> how else can one support this, or any other open source, project without code contributions?

Write documentation ?
Be helpful on mailing list, irc  and GitHub issues to others
Testing new (pre)release versions
Report bugs and issues
Packaging for different distros
Promote via word of mouth, blog articles, etc
Donate money to developers 😀


> brendan
>> On 9/15/22 3:28 PM, Paul Wouters wrote:
>> For IKEv2 that would go via EAP.
>> Currently, only EAPTLS is implemented. You are looking at EAP-mschapv2. We don’t support that yet. I know strongswan does support it.
>> Paul
>> ps. Patches or other support always welcomed 😀
>> Sent using a virtual keyboard on a phone
>>>> On Sep 15, 2022, at 13:44, Brendan Kearney <bpk678 at gmail.com> wrote:
>>> list members,
>>> IKEv1 could employ L2TP and PPP to authenticate a user on one end of a tunnel against RADIUS, for additional security.  i am not seeing any info about IKEv2 being able to do so, and i may have come across write ups saying not to use L2TP at all with IKEv2.
>>> is there a way to tie other authentication and authorization (AuthN/Z) mechanisms and policies to a IKEv2 tunnel for road warriors?  i see PSK and certificates as "host" based AuthN, and not specifically identifying a user.   i would want a tunnel to require (PSK || Certificate) + (User/Pass && Group Membership) in order to successfully connect.  is there any way of accomplishing this with IKEv2?
>>> thank you,
>>> brendan
>>> _______________________________________________
>>> Swan mailing list
>>> Swan at lists.libreswan.org
>>> https://lists.libreswan.org/mailman/listinfo/swan

More information about the Swan mailing list