Skip to content

Commit 0869d3f

Browse files
kittenkitten
committed
Add extended EAP support
1 parent 78e26a6 commit 0869d3f

File tree

2 files changed

+29
-23
lines changed

2 files changed

+29
-23
lines changed

Dockerfile

+14-1
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,20 @@ RUN mkdir -p /usr/src/strongswan \
1212
&& curl -SL "https://download.strongswan.org/strongswan-$STRONGSWAN_VERSION.tar.gz" \
1313
| tar -zxC /usr/src/strongswan --strip-components 1 \
1414
&& cd /usr/src/strongswan \
15-
&& ./configure --prefix=/usr --sysconfdir=/etc --enable-kernel-libipsec \
15+
&& ./configure --prefix=/usr --sysconfdir=/etc \
16+
--enable-kernel-libipsec \
17+
--enable-eap-radius \
18+
--enable-eap-mschapv2 \
19+
--enable-eap-identity \
20+
--enable-eap-md5 \
21+
--enable-eap-mschapv2 \
22+
--enable-eap-tls \
23+
--enable-eap-ttls \
24+
--enable-eap-peap \
25+
--enable-eap-tnc \
26+
--enable-eap-dynamic \
27+
--enable-xauth-eap \
28+
--enable-openssl \
1629
&& make \
1730
&& make install \
1831
&& rm -rf /usr/src/strongswan

ipsec.conf

+15-22
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,6 @@ config setup
55
charondebug="cfg 2, dmn 2, ike 2, net 0"
66

77
conn %default
8-
ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes128-sha256-modp1536,aes256-sha3$
9-
esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4$
108
dpdaction=clear
119
dpddelay=300s
1210
rekey=no
@@ -22,32 +20,27 @@ conn %default
2220
keyingtries=1
2321
auto=add
2422

25-
###################################
23+
#######################################
24+
# EAP Connections
25+
#######################################
26+
27+
# This detects a supported EAP method
28+
conn IKEv2-EAP
29+
keyexchange=ikev2
30+
eap_identity=%any
31+
rightauth=eap-dynamic
32+
33+
#######################################
2634
# PSK Connections
27-
###################################
35+
#######################################
2836

29-
conn IPSec-IKEv2-PSK
37+
conn IKEv2-PSK
3038
keyexchange=ikev2
3139
authby=secret
3240

33-
conn CiscoIPSec
41+
# Cisco IPSec
42+
conn IKEv1-PSK-XAuth
3443
keyexchange=ikev1
3544
leftauth=psk
3645
rightauth=psk
3746
rightauth2=xauth
38-
39-
###################################
40-
# XAuth and Pubkey Connections
41-
###################################
42-
43-
conn CiscoIPSec-XAuth
44-
keyexchange=ikev1
45-
rightauth=pubkey
46-
rightauth2=xauth
47-
auto=add
48-
49-
conn IPSec-IKEv2-EAP
50-
keyexchange=ikev2
51-
leftsendcert=always
52-
eap_identity=%any
53-
rightauth=eap-mschapv2

0 commit comments

Comments
 (0)