Added NEWS about mutual EAP-only authentication

2010-01-07 16:16:22 +01:00 · 2010-01-07 16:16:22 +01:00 · aca9f9ab5a
parent 34948b9971
commit aca9f9ab5a
1 changed files with 6 additions and 0 deletions
--- a/6
+++ b/6
@ -35,6 +35,12 @@ strongswan-4.3.6
  "charon.send_vendor_id" option in strongswan.conf to let the remote peer know
  this is the case.

+- Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where the
+  responder omits public key authentication in favor of a mutual authentication
+  method. To enable EAP-only authentication, set rightauth=eap on the responder
+  to rely only on the MSK constructed AUTH payload. This not-yet standardized
+  extension requires the strongSwan vendor ID introduced above.
+
 - The IKEv1 daemon ignores the Juniper SRX notification type 40001, thus
  allowing interoperability.