Hi Matt, As commented by Andreas, IKEv2 allows any EAP method to be used.
For instance, the OpenIKEv2 implementation (http://openikev2.sourceforge.net) allows you to configure the VPN gateway as an EAP pass-throwgh authenticator, that is, just forwarding the received EAP packets from the client (thought the IKEv2 channel) to the RADIUS server (using RADIUS transport) and vice-versa. On the client side, OpenIKEv2 is easily extensible to add support for any EAP method just by adding a new subclass of the EapClient abstract class. The scenarios would be similar to those indicated by Andreas. Best regards, Alejandro > Hi Matt, > > IKEv2 allows any EAP protocol to be used for VPN client authentication. > Examples are EAP-SIM, EAP-AKA, EAP-MSCHAPv2, EAP-MD5, EAP-GTC, etc. > On the VPN gateway you can just forward the EAP messages to a RADIUS > server. The following sample scenario shows a strongSwan client doing > IKEv2 EAP-SIM authentication with a strongSwan gateway forwarding the > EAP messages to a FreeRADIUS server. > > http://www.strongswan.org/uml/testresults43/ikev2/rw-eap-sim-id-radius/ > > Here is another scenario for IKEv2 EAP-MD5 without EAP Identity: > > http://www.strongswan.org/uml/testresults43/ikev2/rw-eap-md5-radius/ > > Best regards > > Andreas > > Matthew Cini Sarreo wrote: > > Hello All, > > > > My apologies if this has already been asked. > > > > We are interested to have our implementation of IKEv2 to provide support > > for authentication with a RADIUS server. We did this in IKEv1 by > > implementing XAuth. For IKEv2, the only resource that seems to tackle > > this is > > http://www.employees.org/~ddukes/ikev2_cp_dhcp_radius_ietf56.pdf, which > > seems quite old. Is this still valid to use? > > > > Thanks & Regards, > > Matt > > ====================================================================== > Andreas Steffen andreas.stef...@strongswan.org > strongSwan - the Linux VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > _______________________________________________ > IPsec mailing list > IPsec@ietf.org > https://www.ietf.org/mailman/listinfo/ipsec _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
