Artur Hecker schrieb:
hi norbert
i didn't get the following points:
1. why would you do need PPP _after_ IPSEC at all? -and-
2. why is the PPP auth type important if the underlying connection is already using IPSEC? you can use PAP if you want, it will be encrypted anyway - it is what you seem to do currently. so where is the problem?
I would like to use native MS DUN to configure a VPN connection using smart cards.
As far as I understand MS's concept for VPNs using native Windows clients you encrypt your network connection with ipsec using a machine certificate.
No userrights are are tied to this certificate, just encryption.
Userrights /Access restrictions from MS's point of view are linked to personal certificates which are possibly stored on smart cards.
It is a CardOS card, don't know more about the driver.
besides, i would like to know which smartcards you use under windows and if the driver is native in windows or provided by the smartcard manufacturer.
and finally: i don't see how it is related to radius. the answer from the radius point of view could be to give you the list of supported PPP authentication protocols:
- PAP - CHAP - MSCHAP (v1 and v2 for as far as i know) - EAP: - EAP/MD5 - EAP/TLS - LEAP
did i forget something?
The relation to radius is, that we are using freeradius at this time for l2pt/ipsec connections - not with certificates on smart cards, but with login /password. Freeradius handles ipaddresses for the clients and authenticates the l2tp/ppp session.
Norbert
ciao artur
smime.p7s
Description: S/MIME Cryptographic Signature
