On Fri, 08 Nov 2013 14:38:33 +0200
Kapetanakis Giannis <bil...@edu.physics.uoc.gr> wrote:
> Playing around with npppd was straight forward and I was quite
> impressed with it. Good job.

Thanks.

> EAP-TLS would also be a very nice feature to have.

Do you mean npppd should *directly* authenticate the clients with the
TLS (certificates)? I think it is a bad idea. Npppd should support
`EAP via RADIUS'. After it supports the `EAP via RADIUS', it will be
able to use all EAP-??? which is supported by RADIUS.

> What I'm wondering is what you guys do to setup the ipsec path of the
> tunnel.
>
> One option is to use a unique pre-shared key for all clients. But this
> is probably insecure since
> it opens MITM attacks. Isn't it?

Yes. I think IKEv2 or SSTP will help that situation.

--yasuoka