Hi,

the eap-ttls plugin requires the eap-identity plugin:

http://git.strongswan.org/?p=strongswan.git;a=blob;f=src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c;h=7ccbc93813c0bd4ba2879f690ed445677c66a78c;hb=HEAD#l31

since usually the true client identity is protected by the
outer TLS wrapper.

Regards

Andreas

On 13.09.2013 06:29, Far.Runner wrote:
Hi,

I am using strongswan 5.0.3 on ubuntu 12.04 server, and I used
"--enable-eap-tls --enable-eap-ttls" before make. The compilation and
installation was successful, and I could see ttls plugin has been installed:

/usr/local/lib/ipsec/plugins$ ls -1|grep ttls
libstrongswan-eap-ttls.a
libstrongswan-eap-ttls.la
libstrongswan-eap-ttls.so

but it seems strongswan doesn't load eap-ttls (eap-tls does get loaded)

/usr/local/etc# ipsec start
Starting strongSwan 5.0.3 IPsec [starter]...
/usr/local/etc# ipsec statusall
Status of IKE charon daemon (strongSwan 5.0.3, Linux 3.5.0-23-generic, i686):
  uptime: 10 seconds, since Sep 12 21:26:32 2013
  malloc: sbrk 135168, mmap 0, used 99880, free 35288
  worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-tls xauth-generic
Listening IP addresses:
  10.0.2.15
  10.1.1.2
  192.168.56.111
Connections:
  rw: 10.1.1.2...10.1.1.1 IKEv2
  rw: local: [10.1.1.2] uses pre-shared key authentication
  rw: remote: [10.1.1.1] uses pre-shared key authentication
  rw: child: dynamic === fec1::/16 TUNNEL
Security Associations (0 up, 0 connecting):
  none

/usr/local/etc# more strongswan.conf
# strongswan.conf - strongSwan configuration file

charon {

    # number of worker threads in charon
    threads = 16

    # send strongswan vendor ID?
    # send_vendor_id = yes

    plugins {

        sql {
            # loglevel to log into sql database
            loglevel = -1

            # URI to the database
            # database = sqlite:///path/to/file.db
            # database = mysql://user:password@localhost/database
        }
    }

    # ...
}

pluto {

}

libstrongswan {

    # set to no, the DH exponent size is optimized
    # dh_exponent_ansi_x9_42 = no
}

I used default strongswan.conf, Could you tell me how to load eap-ttls?

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

--
======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
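
Added example, not part of the thread and not strongSwan project code: a shell script that compares the plugin files installed on disk with the "loaded plugins:" line of `ipsec statusall`, and flags the eap-ttls/eap-identity dependency named in the reply. The function names are hypothetical, the directory listing is constructed, and the status text is abridged from the output quoted above.

```shell
#!/bin/sh
# Constructed sample, abridged from the `ipsec statusall` output quoted in the thread.
STATUSALL_SAMPLE='Status of IKE charon daemon (strongSwan 5.0.3, Linux 3.5.0-23-generic, i686):
  loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-tls xauth-generic
Listening IP addresses:'

# Constructed listing of the plugin directory (the thread shows only the ttls files).
PLUGIN_FILES_SAMPLE='libstrongswan-eap-tls.a
libstrongswan-eap-tls.la
libstrongswan-eap-tls.so
libstrongswan-eap-ttls.a
libstrongswan-eap-ttls.la
libstrongswan-eap-ttls.so'

# stdin: statusall text -> one loaded plugin name per line.
# Assumption: the plugin list is on a single "loaded plugins:" line, as in the thread.
loaded_plugins() {
    sed -n 's/^[[:space:]]*loaded plugins:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# stdin: file names -> plugin names taken from libstrongswan-NAME.so.
built_plugins() {
    sed -n 's/^libstrongswan-\(.*\)\.so$/\1/p'
}

# $1 = statusall text, $2 = directory listing -> plugins installed but not loaded.
not_loaded() {
    loaded=$(printf '%s\n' "$1" | loaded_plugins)
    printf '%s\n' "$2" | built_plugins | while read -r p; do
        printf '%s\n' "$loaded" | grep -qxF -- "$p" || printf '%s\n' "$p"
    done
}

# Same arguments; adds the one dependency named in the reply (eap-ttls -> eap-identity).
report() {
    for p in $(not_loaded "$1" "$2"); do
        hint=''
        if [ "$p" = eap-ttls ] &&
           ! printf '%s\n' "$1" | loaded_plugins | grep -qxF eap-identity; then
            hint=' (requires eap-identity, which is not loaded)'
        fi
        printf 'installed but not loaded: %s%s\n' "$p" "$hint"
    done
}

report "$STATUSALL_SAMPLE" "$PLUGIN_FILES_SAMPLE"
```

On a live system the same check is `report "$(ipsec statusall)" "$(ls /usr/local/lib/ipsec/plugins)"`, using the plugin directory shown in the thread.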