Hi Dimitry, > are strongSwan able to handle auth using freeradius as backend auth > server for mac os x clients?
Yes. > I compile strongSwan with --enable-eap-radius, radius is already > configured and works with xl2tp (L2TP server). We have discussed this a few times already on this list: The eap-radius backend, as its name indicates, uses forwards EAP within RADIUS to authenticate (usually IKEv2) users. We currently have no plain RADIUS interface to verify User-Name/User-Password RADIUS attributes. IKEv1 clients, in contrast to IKEv2, can't speak EAP. They just send plain username/password attributes in the XAuth exchange. But you can use the xauth-eap backend: it allows your gateway to do an EAP exchange (as client) with the RADIUS server using the received XAuth credentials. Have a look at [1] for the xauth-eap details. Regards Martin [1]http://wiki.strongswan.org/projects/strongswan/wiki/XAuthEAP _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users