Project

General

Profile

History

strongSwan User Documentation » Trusted Network Connect (TNC) HOWTO »

strongSwan as TNC Client » History » Version 13

« Previous - Version 13/22 (diff) - Next » - Current version
Andreas Steffen, 14.12.2010 21:12

strongSwan as TNC Client

Configuration as a TNCCS 2.0 Client with EAP-MD5 password-based client authentication

./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl
            --enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5
            --enable-eap-tnc --enable-tnc-imc --enable-tnccs-20

/etc/strongswan.conf - strongSwan configuration file

charon {
  plugins {
    eap-tnc {
      protocol = tnccs-2.0
    }
    tnc-imc {
      preferred_language = de, en
    }
  }
}

/etc/ipsec.secrets - strongSwan IPsec secrets file

carol@strongswan.org : EAP "Ar3etTnp"

/etc/ipsec.conf - strongSwan IPsec configuration file

conn home
     leftid=carol@strongswan.org
     leftauth=eap
     right=192.168.0.1
     rightid=@moon.strongswan.org
     rightsendcert=never
     rightsubnet=10.1.0.0/16
     auto=add

Log file

Configuration as a TNCCS 2.0 Client with EAP-TLS certicate-based client authentication

./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl
            --enable-eap-tls --enable-eap-ttls --enable-eap-identity
            --enable-eap-tnc --enable-tnc-imc --enable-tnccs-20

/etc/strongswan.conf - strongSwan configuration file

charon {
  plugins {
    eap-tnc {
      protocol = tnccs-2.0
    }
    tnc-imc {
      preferred_language = ru, fr, en
    }
  }
}

/etc/ipsec.secrets - strongSwan IPsec secrets file

: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"

/etc/ipsec.conf - strongSwan IPsec configuration file

conn home
     leftcert=carolCert.pem
     leftid=carol@strongswan.org
     leftauth=eap
     right=192.168.0.1
     rightid=@moon.strongswan.org
     rightsendcert=never
     rightsubnet=10.1.0.0/16
     auto=add

Log file

Configuration as a TNCCS 1.1 Client where both VPN Gateway and AAA Server authenticate themselves

./configure --prefix=/usr --sysconfdir =/etc --disable-pluto --enable-curl
            --enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5
            --enable-eap-tnc --enable-tnc-imc --enable-tnccs-11

/etc/strongswan.conf - strongSwan configuration file

charon {
  plugins {
    eap-tnc {
      protocol = tnccs-1.1
    }
  }
}

/etc/ipsec.secrets - strongSwan IPsec secrets file

carol@strongswan.org : EAP "Ar3etTnp"

/etc/ipsec.conf - strongSwan IPsec configuration file

conn home
     leftid=carol@strongswan.org
     leftauth=eap
     right=192.168.0.1
     rightid=@moon.strongswan.org
     rightsubnet=10.1.0.0/16
     rightauth=pubkey
     aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org" 
     auto=add

Log file