eap-gtc Plugin » History » Version 3

« Previous - Version 3/5 (diff) - Next » - Current version
Martin Willi, 10.08.2012 11:27
Updated EAP-GTC to now use XAuth backends

EAP-GTC Plugin


The eap-gtc plugin is an IKEv2 EAP backend, as in draft-sheffer-ipsecme-ikev2-gtc. It exchanges a plain password in the secure IKEv2 channel. This password can be verified using any XAuth password backend.

Before 5.0.1, the plugin verified the credentials directly against PAM. Now it can use any XAuth backend. By default it uses xauth-pam, resembling the behavior of 4.x releases.

The plugin is disabled by default and can be enabled by adding

to the ./configure options. You also need a XAuth backend to verify the password, such as


The plugin is configured using the following strongswan.conf option:

Key Default Description
charon.plugins.eap-gtc.backend pam XAuth backend to use