blob: 6d0224cdc3004cbc1858b9a9b991d0d6b91fcf14 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
At the outset the gateway authenticates itself to the client by sending
an IKEv2 <b>RSA signature</b> accompanied by a certificate.
<b>carol</b> then uses the <i>Extensible Authentication Protocol</i>
in association with an <i>MD5</i> challenge and response protocol
(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b>.
In addition to her IKEv2 identity <b>carol@strongswan.org</b>, roadwarrior
<b>carol</b> uses the EAP identity <b>carol</b>.
The user password is kept in <b>ipsec.secrets</b> on the client <b>carol</b>
and the gateway forwards all EAP messages to the RADIUS server <b>alice</b>.
<p/>
Since RADIUS accounting is enabled in <b>strongswan.conf</b>, gateway <b>moon</b>
sends user name, connection time and data volume information to the
RADIUS server <b>alice</b>.
|
