For IKEv2 that would go via EAP. Currently, only EAPTLS is implemented. You are looking at EAP-mschapv2. We don’t support that yet. I know strongswan does support it.
Paul ps. Patches or other support always welcomed 😀 Sent using a virtual keyboard on a phone > On Sep 15, 2022, at 13:44, Brendan Kearney <[email protected]> wrote: > > list members, > > IKEv1 could employ L2TP and PPP to authenticate a user on one end of a tunnel > against RADIUS, for additional security. i am not seeing any info about > IKEv2 being able to do so, and i may have come across write ups saying not to > use L2TP at all with IKEv2. > > is there a way to tie other authentication and authorization (AuthN/Z) > mechanisms and policies to a IKEv2 tunnel for road warriors? i see PSK and > certificates as "host" based AuthN, and not specifically identifying a user. > i would want a tunnel to require (PSK || Certificate) + (User/Pass && Group > Membership) in order to successfully connect. is there any way of > accomplishing this with IKEv2? > > thank you, > > brendan > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
