On Oct 13, 2015, at 1:16 PM, Jouni Malinen <jkmalinen@gmail.com> wrote:
On Tue, Oct 13, 2015 at 3:24 PM, Alan DeKok <aland@deployingradius.com> wrote:
EAP-IKE is rarely used. But should work.
Is this still based on the libeap-ikev2 from 2006? If so, please note that I don't think it is compliant with EAP-IKEv2 as defined in RFC 5106.
Done.
I used to have some workaround code in wpa_supplicant to allow interop testing with this implementation (under #ifdef CCNS_PL), but I dropped those last year since there does not seem to be any point in maintaining non-compliant implementation. I would discourage any deployments based on this old implementation unless those compliancy issues with the published RFC are first addressed. As such, I hope that this does not get documented as "working" in FreeRADIUS..
Good point. I think it's worth removing. The only consumer I'm aware of is StrongSWAN, and alternatives for it exist. Alan DeKok.