On 2015-11-09 1:48 AM, Martin Willi wrote:
EAP is probably the way to go if you want password authentication with
IKEv2. For PAM verification the server needs the clear text password,
which can be achieved with EAP-GTC. Unfortunately, not many third party
clients support it.
Thanks for the resp
Hi John,
> The IKEv1 connections use pubkey & xauth-pam authentication:
> Is there a migration path for IKEv2 connections that makes sense? I see
> there is an eap-gtc module that supports pam but it's not clear in the
> documentation how to configure this to use a specific pam_service.
EAP is
We're in the process of migrating clients from IKEv1-based connections
to IKEv2-based connections.
The IKEv1 connections use pubkey & xauth-pam authentication:
conn iphone-ios8
keyexchange=ikev1
rightauth=pubkey
rightauth2=xauth-pam
[...]
Is there a migration path for IKEv2 connections