hwdsl2 / setup-ipsec-vpn

Scripts to build your own IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2

add EAP-MSCHAPv2 identification option for IKEV2 #1108

Closed AuthorShin closed 2 years ago

AuthorShin commented 2 years ago

Describe the enhancement request: Hello. Is it possible to add an EAP-MSCHAPv2 identification option for authenticating clients along with the .PEM certificate, like the one in the tutorial, because there are a lot of clients that are unable to be authenticated with only certificates (TLS)? If it's not possible to use it with Libreswan, how about using strongSwan instead?

hwdsl2 commented 2 years ago

@AuthorShin Hello! Thank you for your suggestion. EAP support for IKEv2 is currently a planned feature being developed in Libreswan, which is not yet available in the latest version Libreswan 4.6. Currently, there is no plan to switch to use strongSwan in this project.

AuthorShin commented 2 years ago

@hwdsl2 Thanks for the response. Do you know when it will be available (it's very important for me)? Or do you know any way of having IPsec/L2TP together with IKEv2 (EAP)? Not switching totally, just adding an option, or maybe a new project along with this one.

hwdsl2 commented 2 years ago

@AuthorShin I am not sure; you may ask in the Libreswan repo [1] or on the Libreswan users mailing list [2]. Currently, there is no plan to add strongSwan to this project.

[1] https://github.com/libreswan/libreswan/issues
[2] https://lists.libreswan.org/mailman/listinfo/swan

letoams commented 2 years ago

On Sun, 27 Feb 2022, AuthorShin wrote:

Thanks for the response. Do you know when it will be available (it's very important for me)?

EAP-TLS is in libreswan git main and will be part of the 4.7 release. While that puts the infrastructure in place for EAP support, it does not include EAP-MSCHAPv2 support. There are currently no plans to add this support without a sponsor.

Or do you know any way of having IPsec/L2TP with IKEv2 (EAP) together?

If you do IPsec/L2TP, you are using pppd, so if you can hook up pppd to your authentication scheme (e.g. RADIUS or something else), you can use that for the inner authentication at the L2TP/PPP layer.

Paul Wouters libreswan
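To illustrate the pppd-side hookup described above, here is an added configuration example (not from this project or from the libreswan reply) that loads pppd's RADIUS plugin for the L2TP/PPP inner authentication. The file paths, the RADIUS server address and the shared secret are assumptions for illustration; the real values depend on how xl2tpd and radiusclient are installed on the host.

```text
# /etc/ppp/options.xl2tpd  (assumed path of the pppd options file used by xl2tpd)
# Require the client to authenticate at the PPP layer, then pass the
# username/password to a RADIUS server instead of /etc/ppp/chap-secrets.
require-mschap-v2
refuse-pap
refuse-chap
plugin radius.so
radius-config-file /etc/radiusclient/radiusclient.conf

# /etc/radiusclient/radiusclient.conf  (assumed path; only the keys that matter here)
# Authenticate against RADIUS first; "servers" maps server -> shared secret.
auth_order      radius
authserver      192.0.2.10:1812          # constructed sample RADIUS address
servers         /etc/radiusclient/servers
radius_timeout  10
radius_retries  3

# /etc/radiusclient/servers  (assumed path; format is "server  secret")
# The shared secret must match the one configured on the RADIUS server.
192.0.2.10      CHANGE-ME-shared-secret
```

Restrict file permissions on the servers file to root, since it holds the RADIUS shared secret, and keep `refuse-pap` so clear-text passwords never reach the PPP layer.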