From: Stuart Henderson Subject: Re: iked: RADIUS support To: YASUOKA Masahiko Cc: tobhe@openbsd.org, tech@openbsd.org, markus@openbsd.org, uwe@werler.is, bilias@edu.physics.uoc.gr Date: Mon, 29 Jan 2024 20:24:02 +0000 On 2024/01/29 09:43, YASUOKA Masahiko wrote: > Let me update the diff. Now I think it works with EAP methods other > than MSCHAP-V2. > > - feedbacks from markus > - support MSK which legnth != 16 > - give "iked_" for the functions in radiusd > - pass EAP messages which type isn't support eap.c I can only test user/password auth via RADIUS at the moment, I don't have anything setup for EAP_TLS etc. Connecting from Android StrongSWAN configured for user/password authentication, using FreeRADIUS (with the standard "users" file backend to authenticate) is working OK for me. (At first I had problems, but then I noticed I had "default_eap_type = md5" in mods-enabled/inner-eap from something which I was testing a long time ago and had forgotten about - that failed because it doesn't return the MS-MPPE-Send-Key and ...-Recv-Key attributes - I don't think other people are very likely to run into this :-)