Alain Perry <[EMAIL PROTECTED]> wrote:
> I want users to be able to authenticate over an insecure link (wireless
> for example) and then to be able to use that link with maximum privacy.

Use EAP-TLS, EAP-TTLS, or EAP-PEAP.

> My users' profiles are stored in an LDAP directory.

Then EAP-TLS is probably not worth it.

> I would like to use EAP-TLS as it is supported in most OSs to
> exchange data with the user about the establishment of an IPsec
> tunnel (using AH in tunneling mode).

That's not how wireless works. It sets up an encryption key used to encrypt the wireless traffic, but there's no IPSec involved.

> Is that possible? I believe I read something about LDAP and EAP-TLS
> being incompatible and I couldn't find anything about using EAP-TLS for
> anything but PPP.

See http://www.freeradius.org/doc/ for some how-to's.

> Would you advise another way of authenticating users and establishing
> the tunnel?

TTLS or PEAP. Free clients exist for both for Windows & Unix.

Alan DeKok.

