Hello,

I have a question regarding authentication options in OpenIKED on OpenBSD 7.2.

In my test lab I have one OpenBSD 7.2 machine with OpenIKED configured to use PSK and a macOS 13.2.1 client that can connect to it.

I read in man iked.conf that PSK should not be used, so I am now investigating EAP with MSCHAP-V2 and X.509 certificate authentication, but I am confused as to which is more secure.

It seems to me that if I use EAP with MSCHAP-V2, I need a certificate on the OpenBSD machine, but I can connect from the macOS client with a user name and password, whereas X.509 authentication requires an X.509 certificate on *BOTH* client and server - is that correct?

If it is, is the reason that X.509 authentication is more secure because of the two certificates required, whereas authentication with EAP with MSCHAP-V2 is less secure because only one certificate is required?

Thanks,

- J
