Hi Matt,

IKEv2 allows any EAP protocol to be used for VPN client authentication. Examples are EAP-SIM, EAP-AKA, EAP-MSCHAPv2, EAP-MD5, EAP-GTC, etc. On the VPN gateway you can just forward the EAP messages to a RADIUS server. The following sample scenario shows a strongSwan client doing IKEv2 EAP-SIM authentication with a strongSwan gateway forwarding the EAP messages to a FreeRADIUS server.

http://www.strongswan.org/uml/testresults43/ikev2/rw-eap-sim-id-radius/

Here is another scenario for IKEv2 EAP-MD5 without EAP Identity:

http://www.strongswan.org/uml/testresults43/ikev2/rw-eap-md5-radius/

Best regards

Andreas

Matthew Cini Sarreo wrote:
> Hello All,
>
> My apologies if this has already been asked.
>
> We are interested to have our implementation of IKEv2 to provide support
> for authentication with a RADIUS server. We did this in IKEv1 by
> implementing XAuth. For IKEv2, the only resource that seems to tackle
> this is
> http://www.employees.org/~ddukes/ikev2_cp_dhcp_radius_ietf56.pdf, which
> seems quite old. Is this still valid to use?
>
> Thanks & Regards,
> Matt

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
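
An added illustration, not part of the mail above and not strongSwan or FreeRADIUS code: forwarding an EAP message to a RADIUS server follows RFC 3579, where the gateway splits the EAP packet across EAP-Message attributes and protects the request with a Message-Authenticator (HMAC-MD5 keyed with the shared secret). The function names, the shared secret and the sample EAP packet are constructed for this sketch.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST = 1                       # RADIUS code (RFC 2865)
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80   # attribute types

def attr(a_type, value):
    """Encode one RADIUS attribute: type, length (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value longer than 253 bytes")
    return struct.pack("!BB", a_type, len(value) + 2) + value

def build_access_request(radius_id, secret, user, eap_packet, authenticator=None):
    """Gateway side: wrap an EAP packet taken from IKE_AUTH in an Access-Request."""
    authenticator = authenticator or os.urandom(16)
    attrs = attr(USER_NAME, user)
    for i in range(0, len(eap_packet), 253):      # split EAP across attributes
        attrs += attr(EAP_MESSAGE, eap_packet[i:i + 253])
    mac_at = 20 + len(attrs) + 2                  # offset of the MAC value
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = bytearray(struct.pack("!BBH", ACCESS_REQUEST, radius_id, 20 + len(attrs))
                    + authenticator + attrs)
    # HMAC-MD5 over the whole packet with the MAC field still zeroed (RFC 3579)
    pkt[mac_at:mac_at + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)

def extract_eap(pkt, secret):
    """RADIUS server side: verify Message-Authenticator, reassemble the EAP packet."""
    if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("bad RADIUS length")
    eap, zeroed, mac, pos = b"", bytearray(pkt), None, 20
    while pos < len(pkt):
        a_len = pkt[pos + 1] if pos + 1 < len(pkt) else 0
        if a_len < 2 or pos + a_len > len(pkt):
            raise ValueError("malformed attribute")
        if pkt[pos] == EAP_MESSAGE:
            eap += pkt[pos + 2:pos + a_len]
        elif pkt[pos] == MESSAGE_AUTHENTICATOR and a_len == 18:
            mac = pkt[pos + 2:pos + a_len]
            zeroed[pos + 2:pos + a_len] = bytes(16)
        pos += a_len
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    if mac is None or not hmac.compare_digest(mac, expected):
        raise ValueError("Message-Authenticator missing or invalid")
    return eap

if __name__ == "__main__":
    # Constructed sample: 600-byte EAP-Response (code 2, id 7, type 18 = EAP-SIM)
    eap = struct.pack("!BBHB", 2, 7, 600, 18) + bytes(595)
    req = build_access_request(1, b"constructed-secret", b"user@example.org", eap)
    print(len(req), extract_eap(req, b"constructed-secret") == eap)
```

A request that lacks the Message-Authenticator, or carries one computed with a different shared secret, is rejected before any EAP data is returned.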