EAP is an authentication protocol framework. It encapsulates the authentication method, giving both sides the ability to choose a method they both support.
There were originally only the PAP and CHAP protocols to authenticate peers; then EAP was invented as an extensible framework.

See more on EAP: https://tools.ietf.org/html/rfc3748

See more on some EAP protocols: https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection

Currently defined methods are eap-aka, eap-gtc, eap-md5, eap-mschapv2, eap-peap, eap-sim, eap-tls, eap-ttls, eap-dynamic, and eap-radius.

In the DO example they use mschapv2. Here it is: https://tools.ietf.org/html/rfc2759
but you may need to read https://www.ietf.org/rfc/rfc1994.txt first.

On the server, open /etc/ipsec.secrets and set

    someuser : EAP "somepass"

On Android, use "someuser" as the login and "somepass" as the pass.

The server and Android will agree on an EAP protocol (mschapv2 in this case), then mschapv2 will take place (as covered in RFC 1994 and RFC 2759) and Android will auth itself to the server.

EAP is used for authentication only. It is not used to encrypt data after it.

On Tue, Dec 11, 2018 at 5:08 PM eyas barhouk <eya...@hotmail.com> wrote:

> Hello dears,
>
> I'm trying to build IPsec tunneling mode to use it with the strongSwan
> Android client as in the following tutorial:
>
> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2
>
> But I didn't understand how IKEv2-EAP works. To be clear, I know that
> EAP is an asymmetric cryptographic way, but I didn't get what the private &
> public keys in it are, and based on what the server is encrypting and
> authenticating the messages, and is the username equal to the public key
> and the password equal to the private key?
>
>
> Thanks in advance
> Best regards
>
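Added example, not part of the original message: a minimal password challenge-response in the style the reply points to, showing both sides of the exchange with the `someuser : EAP "somepass"` entry as a shared secret that never crosses the wire. It uses the RFC 1994 CHAP hash (the computation eap-md5 reuses) rather than mschapv2 itself. The function names and the one-line secrets parser are assumptions made for illustration, not strongSwan code.

```python
import hashlib
import hmac
import os
import re

# Constructed sample line in the /etc/ipsec.secrets form shown above.
SECRETS = 'someuser : EAP "somepass"\n'

def load_eap_secrets(text):
    """Map username -> password for every `user : EAP "pass"` line (simplified)."""
    pattern = re.compile(r'^\s*(\S+)\s*:\s*EAP\s+"([^"]*)"\s*$')
    secrets = {}
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            secrets[m.group(1)] = m.group(2).encode()
    return secrets

def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def server_challenge():
    """Server side: pick a message identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)

def server_verify(secrets, user, identifier, challenge, response):
    """Server side: recompute the hash from its own copy of the password."""
    secret = secrets.get(user)
    if secret is None:
        return False
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def run_exchange(user, password, secrets):
    """One full round: server challenge, client response, server verdict."""
    identifier, challenge = server_challenge()
    response = chap_response(identifier, password.encode(), challenge)  # client
    return server_verify(secrets, user, identifier, challenge, response)

if __name__ == "__main__":
    db = load_eap_secrets(SECRETS)
    print("correct password:", run_exchange("someuser", "somepass", db))
    print("wrong password:  ", run_exchange("someuser", "guess", db))
```

Because the challenge is fresh for every attempt, a response captured from one exchange does not verify against the next one.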