Hi,

I use strongSwan with IKEv2 as a VPN solution.

The idea is that strongSwan uses PacketFence (and more specifically Active
Directory) to authenticate IKEv2 users.

According to the documentation of strongSwan, the eap-radius plugin allows
users to be authenticated using RADIUS.

Basically, the plugin seems to unpack the IKEv2 with respect to the MSCHAPv2
authentication process and generates the required RADIUS messages.

My thought was to use my PacketFence install (with Active Directory
integration already working) as a RADIUS server for strongSwan.

A user should be granted VPN access if:

- the username and password match

- the user is:

  * a member of the vpn group, or

  * the user has the msNPAllowDialin attribute set in AD.

My questions are:
- Can that be done with PacketFence (and if so, a few directions would be
  appreciated)?
- Should I deploy a new RADIUS server and keep things separated from
  PacketFence?

Best,

-- Jaap
