-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Cindy,
Yes, that plugin is the apropriate one. You'd set rightauth2=eap-gtc and simply configure the eap-gtc plugin in strongswan.conf directly, if you can't find the configuration file for it. You need a seperate conn section for IKEv1 and IKEv2, if you use protocol specific features (XAUTH, EAP, ...). Mit freundlichen Grüßen/Regards, Noel Kuntze GPG Key ID: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 19.12.2014 um 22:19 schrieb Cindy Moore: > Is there a way to use ldap authentication with ikev2? Obviously > xauth-pam will only work with ikev1, but in looking over the Android > Strongswan app, I notice that's ikev2 only. > > It looks to me, from looking at this page: > https://wiki.strongswan.org/projects/strongswan/wiki/EapGtc > > that this is the plugin to do that? > > I already have compiled strongswan with --enable-xauth-pam, I'd need > to recompile adding in --enable-eap-gtc > > I'm a little unclear as to what the conn would look like. Right now, > this works fine on ikev1 and xauth-pam > > conn roadwarrior-ldap > keyexchange=ikev1 > leftid=vpn.sysnet.ucsd.edu > rightauth=pubkey > rightauth2=xauth-pam > auto=add > > Would it be sufficient to remove the forced ikev1 setting in there? Or > do I need to add in a new conn > > conn roadwarrior-ldap2 > keyexchange=ikev2 > leftid=vpn.sysnet.ucsd.edu > rightauth=pubkey > rightauth2=eap-gtc > auto=add > > I don't see a strongswan.d/charon/eap-gtc.conf file -- does it need one? > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJUlJbsAAoJEDg5KY9j7GZY9UkQAIJZZi+rVUVDndAWCfnkm5A+ Ia3aE0I4brUupdArRzjiTU4vgj8brTbseQq1hhwE1ftguaEhTAcQsb+DkI+3clC9 akn8YJCmSihO6bYlqNUm/lc2544wJFusfsy7Yg9Jihpt6Ah/0rA3fuHZQpaAza3q mQwQ0cWMk1V4VUdUAxTHffMuqoB1zImA+2/v0kw26Z5KywEWCxh5+gSgqlOCJySp 3zOfUr+0nfAWCQRZqQz8v1tosoElEkp5x6zXOFLyUb0ZVWF92OYDsL6rQF18oJy0 PPYJz3ewumCu5WYQwiLV1jgP4KRRVqiWDYl0+8HsnPyO62DNyx21FjZI6tS3dpcv i4Iswe1Mrz/r6t8IjHk5fs5kz/v4xhPjWa6vpG7DER2JkhlN6hueh6ra8etM2YSI fIiLAG8KQuBZOFhaDeJWFGr0I7Guhtau9kwBfEdTCzqfEfvUw5cW4Q26n6PpgNRx IfVNixHi5FdDnZPng/tlcShWppsm3zC2YjAL0r3bzYKE41FI85s4fAa/uRKXpE5j gRYtnn105zBON/AgjahGEamrqqWSFlaiShpHl3LT/OC0COHz8A2dpjr+6Ak2kU8a WXOTa7XQcZ5SUqb/JPw2tDO17wCURkz3s5bNnTCzD3T3XzeboB6kvb5UOQ9cELoM HdK32Fk2PJYbfBlmH7HJ =7vIL -----END PGP SIGNATURE----- _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
