From: Kapetanakis Giannis <bilias@edu.physics.uoc.gr>
Subject: Re: iked: RADIUS support
To: tech@openbsd.org
Cc: YASUOKA Masahiko <yasuoka@openbsd.org>
Date: Fri, 26 Jan 2024 13:40:51 +0200

On 25/01/2024 11:50, YASUOKA Masahiko wrote:
> Hello,
>
> The diff adds RADIUS support for iked(8).
>
>   ---
>   ikev2 RAS passive esp \
>     from 0.0.0.0/0 to 0.0.0.0  \
>     local any peer any \
>     srcid (FQDN) \
>     eap radius \
>     config address 192.168.0.0/24
>     
>   radius server 192.168.0.4 secret testing123
>   # radius accounting server 192.168.0.4 secret testing123
>   ---
>
> We can ask EAP for a RADIUS server which supports EAP.  Unfortunately
> radiusd(8) has no config which terminates EAP yet, so freeradius,
> Windows AD, or other is needed for test.
>
> Also
>
>  - Use RADIUS attributes for configurations
>  - RADIUS accounting is also supported
>
> comments? test? ok?

Hi,

Does this mean an inner EAP tunnel will go to the radius server, thus supporting authentication types like
EAP-TLS / EAP-TTLS/PAP / EAP-PEAP/MSCHAPv2 depending on client and radius (IDP) server configuration?

G