Hello Kimmo, > Does this mean that now the AAA server needs to be configured to use > EAP, let's say EAP-MSCHAPv2?
With the xauth-eap plugin, yes. This is the same configuration that you'd use for IKEv2 clients, Windows 7 Agile VPN for example. > Then AAA receives the access request from Strongswan and AAA server > then responds or starts EAP and strongswan needs to have that > eap-mschapv2 enabled? Yes. AAA should request a (password based) EAP method, and the strongSwan gateway acts as client for this EAP method using XAuth credentials from the client. To use EAP-MSCHAPv2, pass --enable-eap-mschapv2 to ./configure (and enable a MD4 implementation, either through --enable-openssl or --enable-md4). Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
