Version 15 (Andreas Steffen, 11.02.2011 11:09) → Version 16/22 (Andreas Steffen, 03.08.2011 06:33)

h1. strongSwan as TNC Client

h3. Configuration as a TNCCS 2.0 Client with EAP-MD5 password-based client authentication

<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl \
    --enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5 \
    --enable-eap-tnc --enable-tnc-imc --enable-tnccs-20
</pre>

/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
  plugins {
    eap-tnc {
      protocol = tnccs-2.0
    }
    tnc-imc {
      preferred_language = de, en
    }
  }
}
</pre>

/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
carol@strongswan.org : EAP "Ar3etTnp"
</pre>

/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
     leftid=carol@strongswan.org
     leftauth=eap
     right=192.168.0.1
     rightid=@moon.strongswan.org
     rightsendcert=never
     rightsubnet=10.1.0.0/16
     auto=add
</pre>

"Client logfile":http://www.strongswan.org/uml/testresults/tnc/tnccs-20/carol.daemon.log "Client logfile":http://www.strongswan.org/uml/testresults/ikev2/rw-eap-tnc-20/carol.daemon.log

h3. Configuration as a TNCCS 2.0 Client with EAP-TLS certificate-based client authentication

<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl \
    --enable-eap-tls --enable-eap-ttls --enable-eap-identity \
    --enable-eap-tnc --enable-tnc-imc --enable-tnccs-20
</pre>

/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
  plugins {
    eap-tnc {
      protocol = tnccs-2.0
    }
    tnc-imc {
      preferred_language = ru, fr, en
    }
  }
}
</pre>

/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
</pre>

/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
     leftcert=carolCert.pem
     leftid=carol@strongswan.org
     leftauth=eap
     right=192.168.0.1
     rightid=@moon.strongswan.org
     rightsendcert=never
     rightsubnet=10.1.0.0/16
     auto=add
</pre>

"Client logfile":http://www.strongswan.org/uml/testresults/tnc/tnccs-20-tls/carol.daemon.log "Client logfile":http://www.strongswan.org/uml/testresults/ikev2/rw-eap-tnc-20-tls/carol.daemon.log

h3. Configuration as a TNCCS 1.1 Client where both VPN Gateway and AAA Server authenticate themselves

<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl \
    --enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5 \
    --enable-eap-tnc --enable-tnc-imc --enable-tnccs-11
</pre>

/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
  plugins {
    eap-tnc {
      protocol = tnccs-1.1
    }
  }
}
</pre>

/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
carol@strongswan.org : EAP "Ar3etTnp"
</pre>

/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
     leftid=carol@strongswan.org
     leftauth=eap
     right=192.168.0.1
     rightid=@moon.strongswan.org
     rightsubnet=10.1.0.0/16
     rightauth=pubkey
     aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
     auto=add
</pre>

"Client logfile":http://www.strongswan.org/uml/testresults/tnc/tnccs-11-radius/carol.daemon.log "Client logfile":http://www.strongswan.org/uml/testresults/ikev2/rw-eap-tnc-11-radius/carol.daemon.log