Hi Martin, Thanks for the clearing up things. I will first move to v5.x then come back.
On 2/18/2013 7:44 PM, Martin Willi wrote: > Hi Azfar, > >> I am using Strongswan 4.5.2 (Debian Squeeze) with xauthrsasig auth type. >> Now I want to replace ipsec.secrets and put a radius server. > In 4.5.2, IKEv1 is handled in the "pluto" daemon. Pluto does not have > support for RADIUS authentication. > > With strongSwan 5.x, we reimplemented IKEv1 in the newer "charon" daemon > which also supports IKEv2. With its eap-radius backend and the xauth-eap > bridge, you can authenticate XAuth clients against RADIUS. It requires a > RADIUS server that speaks EAP, though. See [1] for details. > >> 1) Can I still use xauth+rsa as a auth mechanism with eap-radius plugin. > With the xauth-eap helper plugin, yes. > >> 2) Do I need to recompile strongswan for eap-radius plugin or Debian 6 >> comes with it. > You need at least 5.0.0, better 5.0.2, which doesn't come with Debian > yet. Also, you need the eap-radius and the xauth-eap plugins, along with > a suitable EAP method. > >> 3) I want to use single server for both radius and strongswan, what is >> the role of strongswan.conf in *"alice"*? > Alice is the RADIUS server in this example, so you won't need it. You > can install your RADIUS server on moon, and configure eap-radius to use > the local RADIUS server. > > Regards > Martin > > [1]http://wiki.strongswan.org/projects/strongswan/wiki/XAuthEAP > -- AzfarHashmi Cloudways Your Managed Cloud e: [email protected] w: www.cloudways.com <http://www.cloudways.com> PGP keyid: 0xF42034B0F915D729 http://keyserver.pgp.com
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
