Hi Tobias, Unfortunately IKEv2 is a requirement, and they have requested username/password authentication because they don't like the "struggles" of installed a CA cert and a client cert.
Currently the authentication is done with MSCHAPv2 which requires SS to have a plain text copy of the password in order to create the Challenge hash, I understand that.... however, what if SS was able to retrieve the plain text password from another source other than a local config file, eg Amazon's SecretsManager for example? Is this something that is available or that you guys could write (at a price Im sure)? Regards, Christian Salway IT Consultant Tel: 07463 331432 [email protected] <http://www.naimuri.com/> <http://www.naimuri.com/> > On 9 May 2018, at 13:12, Tobias Brunner <[email protected]> wrote: > > Hi Christian, > >> Is there a way to authenticate against local Linux users? > > Not with Windows or Apple clients, unless you use IKEv1 (see [1] and [2]). > > Regards, > Tobias > > [1] https://wiki.strongswan.org/projects/strongswan/wiki/XAuthPAM > [2] https://wiki.strongswan.org/projects/strongswan/wiki/Eap-gtc
