On 08/11/13 17:50, YASUOKA Masahiko wrote:
EAP-TLS would also be a very nice feature to have.
Do you mean npppd should *directly* authenticate the clients with the
TLS (certificates)?
I think it is a bad idea. Npppd should support `EAP via RADIUS'.
After it supports the `EAP via RADIUS', it will be able to use all
EAP-??? which are supported by RADIUS.
Of course I'm talking about EAP via RADIUS.
Feel free to send diffs for beta testing when you're ready :)
What I'm wondering is what you guys do to set up the IPsec path of the
tunnel.
One option is to use a unique pre-shared key for all clients. But this
is probably insecure since it opens MITM attacks. Isn't it?
Yes. I think IKEv2 or SSTP will help that situation.
--yasuoka
Can IKEv2 be combined with npppd without problems?
Also the problem with IKEv2 is (I think) that it's supported only on
Windows 8 and not on older clients.
I haven't read about SSTP but I will have a look.
Thanks for the reply.
G