Currently we support several variants of EAP for ipsec remote access client authentication, but we should also support standard ipsec mutual x509 authentication. This is authentication mode "pubkey" in the strongswan config and functions in practice similarly to EAP-TLS, just without the extra EAP exchange.
Description
Description
Details
Details
- Version
- -
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Unspecified (please specify)
Related Objects
Related Objects
- Mentioned In
- T6617: ipsec: remote access VPN: "generate ipsec profile ios-remote-access" wrong profile for x509 auth
rVYOSONEX9e49bcad817d: Merge pull request #2727 from vyos/mergify/bp/sagitta/pr-2707
rVYOSONEX6cfcef98b8a8: T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.
rVYOSONEX656934e85cee: T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.
rVYOSONEX14dc8a8962f0: Merge pull request #2707 from lucasec/t5870