Hello Christophe, in principle the strongSwan server-side eap-radius plugin relays any EAP protocol to and from a remote RADIUS server (even vendor- specific and unsupported methods) because the eap-radius plugin does not inspect and process the information embedded in the generic EAP messages. Thus EAP-TLS and EAP-FRAP should pass through smoothly (Martin, please contradict me if this isn't true ;-) )
Best regards Andreas On 07/15/2010 05:40 PM, Christophe Gouault wrote: > Hello, > > I am currently testing the server-side support of EAP authentication by > charon. > > I could see that it supports the following methods: eap-aka, eap-sim, > eap-gtc, eap-md5, eap-mschapv2 and eap-radius. I also read that > vendor-specific methods can be specified in the form eap-type-vendor > (but I don't really understand how vendor-specific methods could be used > without extending charon). > > I successfully tested the support of eap-radius (the authentication > method between the client and radius server was MD5). > > I am wondering if the eap-radius "method" will pass through EAP > exchanges between the client and radius server when the EAP method used > by the client and radius server is not supported by charon. > > radius > server > | > | > IKEv2 IKEv2 > client =========== server --- > (charon) > > Typically, I would like to use the EAP-TLS and EAP-FRAP methods, that > are not supported by charon for now. > > I tried to browse the code of eap_authentifier, but I didn't find the > answer... > > Thanks for your help, > Christophe. ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
