Hello, Martin,
Thanks a lot for your advices. Currently, I'm trying to discover
is my cisco RV082/RV200 EAP compatible. As far I understand, I can use
only PSK on these devices.
Reseller is not available. anyway, I have to check.
Could someone tell me client VPN Router which supports EAP.
I will find the docs and compare features with my RV082/RV200 ?
Thanks again for everyone.
Alex
On 25.09.14 15:54, Martin Willi wrote:
Hi,
is there any possibility to authenticate IPSec pre-shared keys (PSK)
not from ipsec.secrets.
As IKE PSK authentication has security implications and is not
recommended for larger deployments, we don't provide any backend for
preshared keys beyond ipsec.secrets or swanctl.conf. However, you may
implement your own plugin that returns preshared keys from a custom
source for authentication.
Usually you'd use EAP that allows you to forward user authentication to
your AAA backend using the eap-radius plugin [1].
It would be great for me to build some logic on radius server with
traditional start/stop/alive events..
Such events can be realized using the accounting functionality in the
eap-radius plugin. Even if you do authentication by other means,
strongSwan can send such information to your AAA backend over RADIUS.
Regards
Martin
[1]https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
