strongSwan as TNC Client » History » Version 9
Version 8 (Andreas Steffen, 14.12.2010 19:19) → Version 9/22 (Andreas Steffen, 14.12.2010 19:19)
h1. strongSwan as TNC Client
The following plugins must activated for strongSwan to take on the role of a TNC Client
h3. Configuration as a TNCCS 2.0 Client with EAP-MD5 password-based client authentication
<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl
--enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5
--enable-eap-tnc --enable-tnc-imc --enable-tnccs-20
</pre>
/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
plugins {
eap-tnc {
protocol = tnccs-2.0
}
tnc-imc {
preferred_language = de, en
}
}
}
</pre>
/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
carol@strongswan.org : EAP "Ar3etTnp"
</pre>
/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
leftid=carol@strongswan.org
leftauth=eap
right=192.168.0.1
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
auto=add
</pre>
h3. Configuration as a TNCCS 2.0 Client with EAP-TLS certicate-based client authentication
<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl
--enable-eap-tls --enable-eap-ttls --enable-eap-identity
--enable-eap-tnc --enable-tnc-imc --enable-tnccs-20
</pre>
/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
plugins {
eap-tnc {
protocol = tnccs-2.0
}
tnc-imc {
preferred_language = ru, fr, en
}
}
}
</pre>
/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
</pre>
/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftauth=eap
right=192.168.0.1
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
auto=add
</pre>
h3. Configuration as a TNCCS 1.1 Client where both VPN Gateway and AAA Server authenticate themselves
<pre>
./configure --prefix=/usr --sysconfdir =/etc --disable-pluto --enable-curl
--enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5
--enable-eap-tnc --enable-tnc-imc --enable-tnccs-11
</pre>
/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
plugins {
eap-tnc {
protocol = tnccs-1.1
}
}
}
</pre>
/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
carol@strongswan.org : EAP "Ar3etTnp"
</pre>
/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
leftid=carol@strongswan.org
leftauth=eap
right=192.168.0.1
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
rightauth=pubkey
aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
auto=add
</pre>
The following plugins must activated for strongSwan to take on the role of a TNC Client
h3. Configuration as a TNCCS 2.0 Client with EAP-MD5 password-based client authentication
<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl
--enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5
--enable-eap-tnc --enable-tnc-imc --enable-tnccs-20
</pre>
/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
plugins {
eap-tnc {
protocol = tnccs-2.0
}
tnc-imc {
preferred_language = de, en
}
}
}
</pre>
/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
carol@strongswan.org : EAP "Ar3etTnp"
</pre>
/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
leftid=carol@strongswan.org
leftauth=eap
right=192.168.0.1
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
auto=add
</pre>
h3. Configuration as a TNCCS 2.0 Client with EAP-TLS certicate-based client authentication
<pre>
./configure --prefix=/usr --sysconfdir=/etc --disable-pluto --enable-curl
--enable-eap-tls --enable-eap-ttls --enable-eap-identity
--enable-eap-tnc --enable-tnc-imc --enable-tnccs-20
</pre>
/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
plugins {
eap-tnc {
protocol = tnccs-2.0
}
tnc-imc {
preferred_language = ru, fr, en
}
}
}
</pre>
/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
: RSA carolKey.pem "nH5ZQEWtku0RJEZ6"
</pre>
/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
leftcert=carolCert.pem
leftid=carol@strongswan.org
leftauth=eap
right=192.168.0.1
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
auto=add
</pre>
h3. Configuration as a TNCCS 1.1 Client where both VPN Gateway and AAA Server authenticate themselves
<pre>
./configure --prefix=/usr --sysconfdir =/etc --disable-pluto --enable-curl
--enable-eap-tls --enable-eap-ttls --enable-eap-identity --enable-eap-md5
--enable-eap-tnc --enable-tnc-imc --enable-tnccs-11
</pre>
/etc/strongswan.conf - strongSwan configuration file
<pre>
charon {
plugins {
eap-tnc {
protocol = tnccs-1.1
}
}
}
</pre>
/etc/ipsec.secrets - strongSwan IPsec secrets file
<pre>
carol@strongswan.org : EAP "Ar3etTnp"
</pre>
/etc/ipsec.conf - strongSwan IPsec configuration file
<pre>
conn home
leftid=carol@strongswan.org
leftauth=eap
right=192.168.0.1
rightid=@moon.strongswan.org
rightsubnet=10.1.0.0/16
rightauth=pubkey
aaa_identity="C=CH, O=Linux strongSwan, CN=aaa.strongswan.org"
auto=add
</pre>