On 11/04/2016 11:32, Andreas Steffen wrote:
> authentication based on Windows Machine Certificates does not use
> IKEv2 EAP but directly employs IKEv2 public key authentication
> between VPN client and VPN gateway which very efficiently
> establishes an IPsec tunnel with a mere 4 IKEv2 messages.
(snip)

Hi Andreas,

Thanks for your informative response.

The exchange itself is obviously more efficient (4 vs 18 messages), but are there any negatives? EAP-TLS is often cited (on the web) as being a, if not THE, superior authentication method, without any reasoning as to why.

Presumably IKEv2 public key authentication is just as good from a
security point of view?

> The differentiation between Machine and User Certificates does apply
> to Windows clients only. On a strongSwan client you can use
> efficient IKEv2 public key authentication for any number of users.

Does this mean a Windows machine cannot have multiple installed Machine
certificates with different users using different ones?
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users