[Swan] additional authentication, like LDAP, Kerberos, RADIUS on tunnels

Paul Wouters paul at nohats.ca
Fri Sep 16 21:50:01 EEST 2022

On Thu, 15 Sep 2022, Michael Schwartzkopff wrote:

> On 15.09.22 21:28, Paul Wouters wrote:
>>  For IKEv2 that would go via EAP.
>>  Currently, only EAPTLS is implemented. You are looking at EAP-mschapv2. We
>>  don’t support that yet. I know strongswan does support it.
> strongswan supports all kind of EAP. Basically the VPN server only passes the 
> EAP packets on to the RADIUS server. And FreeRADIUS supports all (!) EAP 
> types.

Yes, it would be nice to get a "basic" patch for this :)


More information about the Swan mailing list