new eap method: eap-ikev2

sdfsdv sdfdsf dr_ojboli at
Sat Jan 14 20:49:16 CET 2006

Hello all,

We're currently working on new eap method for freeradius and 
wpa_supplicant: eap-ikev2 (
tschofenig-eap-ikev2-07.txt). Method is able: mutual 
uthentication (certificate or shared secret based), cryptographic 
suit negotiation, fast rekeying (fast reconnect), channel binding 
and so on.

We currently have some working implementation but without fast 
rekeying, channel binding and some other minor things.

I would to ask You for some help. Some thing regarding freeradius 
are unclear to us.

First, we can't find any kind of fast rekeying code in reeradius. 
Is freeradius supporting anyhow such thing? Any other eap method 
is using fast rekeying?

eap-ikev2 is using it's own id data to identify supplicant and 
sever, it can be different than eap id. And we have a problem 
with users authorization, in a situation when eap id is different 
than internal ikev2 id, freeradius is giving access to user data 
(gathered in users.conf) only for users described by an eap id. 
Can eap method somehow access other users data?

I would appreciate any help.

Rafal Mijal

Wybierz Książkę Roku, wygraj nagrody!

More information about the Freeradius-Devel mailing list