Hello, I am currently trying to integrate strongSwan (v5.3.5) with a PAP-only RADIUS proxy. Currently, I'm using a client profile of IKEv2 with EAP which connects to strongSwan without issue. strongSwan is configured with *rightauth=eap-radius* and *rightauth2=xauth-radius:profile*. My reading of the eap-radius#xauth <https://wiki.strongswan.org/projects/strongswan/wiki/EAPRAdius#XAuth> plugin was such that it would translate the EAP conversation to regular XAuth credentials sent to the RADIUS backend via the regular User-Name and User-Password attributes. When I inspect the network traffic, the plugin is still encapsulating the EAP messages back to the AAA.
What am I misunderstanding about the builtin XAuth backend in the plugin, and what are some options I have going forward? Will I have to downgrade to traditional XAuth over IKEv1? Thanks in advance, -Kyle
