On LDAP or Radius it is possible to auth over an NT-Password and I think LM as well, yes AD format. I often use mschap for testing purposes and it would be great having an embedded but configurable strongswan server in a cheap router.

2018-01-04 14:46 GMT+01:00 Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting>:
> Not on openwrt. But you need plaintext or AD like passwords in LDAP.
> Otherwise you can't auth with mschap(v2).
>
> On 04.01.2018 14:38, Giuseppe De Marco wrote:
> > Yes Noel and thank you, my question is:
> > Are there any experiences about running strongswan in openwrt as ikev2 server with mschap,radius,ldap auth backend?
> >
> > 2018-01-04 14:17 GMT+01:00 Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting>:
> >
> > Hi,
> >
> > `ipsec` is just a command line tool. It's not a daemon (or generally a service).
> > Are there any open questions?
> >
> > Kind regards
> >
> > Noel
> >
> > On 04.01.2018 14:14, Giuseppe De Marco wrote:
> > > Hi and thank you Noel,
> > > I meant to run ipsec and charon in the embedded openwrt router, I use dpd as well
> > >
> > > # dead-peer detection to clear any "dangling" connections in case the client unexpectedly disconnects
> > > dpdaction=clear
> > > # If the tunnel has no traffic for this long (default 30 secs), Charon will send a dead peer detection packet. The value 0 means to not send such packets, relying on ordinary traffic, which will occur at least once an hour, which is the default rekeying lifetime.
> > > dpddelay=33s
> > > # DPD Retries : 3
> > > dpdtimeout=300s
> > >
> > > Running strongswan in a 18-70$ openwrt router is very useful in many ways