From 3412d98b8b5ead4fa4d66e13b77f650e2bebce2f Mon Sep 17 00:00:00 2001
From: Lucas Kanashiro
Date: Thu, 21 May 2020 17:10:56 -0300
Subject: [PATCH] Re-enable eap-{dynamic,peap} libcharon plugins eap-dynamic might be quite useful for users because it allows clients to select an alternative EAP method if the one selected by the server initially is not supported. eap-peap is still widely used by users because it is what most of the clients implements. It is often used in combination with EAP-MSCHAPv2 to authenticate e.g. WiFi clients (the TLS connection in EAP-PEAP protects the potentially weak password authentication in EAP-MSCHAPv2). For instance, using the same protocol for VPN clients allows reusing the existing AAA infrastructure (AD/RADIUS server).
---
 debian/control | 3 +++
 debian/libcharon-extra-plugins.install | 6 ++++++
 debian/rules | 2 ++
 3 files changed, 11 insertions(+)
diff --git a/debian/control b/debian/control
index 9c0d90988..93c426887 100644
--- a/debian/control
+++ b/debian/control
@@ -202,6 +202,9 @@ Description: strongSwan charon library (extra plugins)
 - unity (Cisco Unity extensions for IKEv1)
 - xauth-eap (XAuth backend that uses EAP methods to verify passwords)
 - xauth-pam (XAuth backend that uses PAM modules to verify passwords)
+ - eap-dynamic (EAP proxy plugin that dynamically selects an EAP method
+ requested/supported by the client (since 5.0.1))
+ - eap-peap (EAP-PEAP protocol handler, wraps other EAP methods securely)
 
 Package: strongswan-starter
 Architecture: any
diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install
index 7765f2056..cc0bf6f22 100644
--- a/debian/libcharon-extra-plugins.install
+++ b/debian/libcharon-extra-plugins.install
@@ -2,9 +2,11 @@
 usr/lib/ipsec/plugins/libstrongswan-addrblock.so
 usr/lib/ipsec/plugins/libstrongswan-certexpire.so
 usr/lib/ipsec/plugins/libstrongswan-eap-aka.so
+usr/lib/ipsec/plugins/libstrongswan-eap-dynamic.so
 usr/lib/ipsec/plugins/libstrongswan-eap-gtc.so
 usr/lib/ipsec/plugins/libstrongswan-eap-identity.so
 usr/lib/ipsec/plugins/libstrongswan-eap-md5.so
+usr/lib/ipsec/plugins/libstrongswan-eap-peap.so
 usr/lib/ipsec/plugins/libstrongswan-eap-radius.so
 usr/lib/ipsec/plugins/libstrongswan-eap-tls.so
 usr/lib/ipsec/plugins/libstrongswan-eap-tnc.so
@@ -24,9 +26,11 @@ usr/lib/ipsec/plugins/libstrongswan-xauth-pam.so
 usr/share/strongswan/templates/config/plugins/addrblock.conf
 usr/share/strongswan/templates/config/plugins/certexpire.conf
 usr/share/strongswan/templates/config/plugins/eap-aka.conf
+usr/share/strongswan/templates/config/plugins/eap-dynamic.conf
 usr/share/strongswan/templates/config/plugins/eap-gtc.conf
 usr/share/strongswan/templates/config/plugins/eap-identity.conf
 usr/share/strongswan/templates/config/plugins/eap-md5.conf
+usr/share/strongswan/templates/config/plugins/eap-peap.conf
 usr/share/strongswan/templates/config/plugins/eap-radius.conf
 usr/share/strongswan/templates/config/plugins/eap-tls.conf
 usr/share/strongswan/templates/config/plugins/eap-tnc.conf
@@ -47,9 +51,11 @@ etc/strongswan.d/tnc.conf
 etc/strongswan.d/charon/addrblock.conf
 etc/strongswan.d/charon/certexpire.conf
 etc/strongswan.d/charon/eap-aka.conf
+etc/strongswan.d/charon/eap-dynamic.conf
 etc/strongswan.d/charon/eap-gtc.conf
 etc/strongswan.d/charon/eap-identity.conf
 etc/strongswan.d/charon/eap-md5.conf
+etc/strongswan.d/charon/eap-peap.conf
 etc/strongswan.d/charon/eap-radius.conf
 etc/strongswan.d/charon/eap-tls.conf
 etc/strongswan.d/charon/eap-tnc.conf
diff --git a/debian/rules b/debian/rules
index eacfe145e..227ba7481 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,9 +14,11 @@ CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \
 --enable-ctr \
 --enable-curl \
 --enable-eap-aka \
+ --enable-eap-dynamic \
 --enable-eap-gtc \
 --enable-eap-identity \
 --enable-eap-md5 \
+ --enable-eap-peap \
 --enable-eap-mschapv2 \
 --enable-eap-radius \
 --enable-eap-tls \
-- 
GitLab
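Review bot: `--enable-eap-dynamic` lands in a build that keeps `--enable-eap-md5` and `--enable-eap-gtc`, and the patch adds no packaging note on how a deployment limits which methods the server will fall back to. As far as I recall, the plugin's `preferred` setting only orders the methods and the remaining registered ones are still tried, so the practical control is which EAP plugins are loaded. A short README.Debian or NEWS paragraph saying so would help administrators, and it could add that EAP-PEAP's protection of MSCHAPv2 depends on clients validating the server certificate. Separately, `--enable-eap-peap` is inserted before `--enable-eap-mschapv2`, which breaks the list's alphabetical order; it belongs between `--enable-eap-mschapv2` and `--enable-eap-radius`. The CONFIGUREARGS assignment starts and continues outside the hunk.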