diff options
| author | Martin Willi <martin@revosec.ch> | 2012-01-20 16:03:18 +0100 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2012-03-20 17:31:38 +0100 |
| commit | c8d46f295948d01aef96fba5413206d2ae0a16f9 (patch) | |
| tree | 141a299e6562be986659871a500b1d0bc255ac61 /man | |
| parent | c791def8c13ccb587ec9e37570f9a957af6a515e (diff) | |
| download | strongswan-c8d46f295948d01aef96fba5413206d2ae0a16f9.tar.bz2 strongswan-c8d46f295948d01aef96fba5413206d2ae0a16f9.tar.xz | |
Dropped support of deprecated authby=eap and eap= options
Diffstat (limited to 'man')
| -rw-r--r-- | man/ipsec.conf.5.in | 37 |
1 files changed, 4 insertions, 33 deletions
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in index e2835bde3..2f914b0c8 100644 --- a/man/ipsec.conf.5.in +++ b/man/ipsec.conf.5.in @@ -247,7 +247,7 @@ acceptable values are .br The IKEv2 daemon currently supports ESP only. .TP -.BR authby " = " pubkey " | rsasig | ecdsasig | psk | eap | never | xauth..." +.BR authby " = " pubkey " | rsasig | ecdsasig | psk | never | xauthpsk | xauthrsasig" how the two security gateways should authenticate each other; acceptable values are .B psk @@ -269,12 +269,7 @@ IKEv1 additionally supports the values and .B xauthrsasig that will enable eXtended AUTHentication (XAUTH) in addition to IKEv1 main mode -based on shared secrets or digital RSA signatures, respectively. -IKEv2 additionally supports the value -.BR eap , -which indicates an initiator to request EAP authentication. The EAP method -to use is selected by the server (see -.BR eap ). +based on shared secrets or digital RSA signatures, respectively. This parameter is deprecated for IKEv2 connections, as two peers do not need to agree on an authentication method. Use the .B leftauth @@ -377,31 +372,6 @@ might trigger a closeaction when not desired. defines the timeout interval, after which a CHILD_SA is closed if it did not send or receive any traffic. Currently supported in IKEv2 connections only. .TP -.BR eap " = md5 | mschapv2 | radius | ... | <type> | <type>-<vendor> -defines the EAP type to propose as server if the client requests EAP -authentication. Currently supported values are -.B aka -for EAP-AKA, -.B gtc -for EAP-GTC, -.B md5 -for EAP-MD5, -.B mschapv2 -for EAP-MS-CHAPv2, -.B radius -for the EAP-RADIUS proxy and -.B sim -for EAP-SIM. Additionally, IANA assigned EAP method numbers are accepted, or a -definition in the form -.B eap=type-vendor -(e.g. eap=7-12345) can be used to specify vendor specific EAP types. -This parameter is deprecated in the favour of -.B leftauth. - -To forward EAP authentication to a RADIUS server using the EAP-RADIUS plugin, -set -.BR eap=radius . -.TP .BR eap_identity " = <id>" defines the identity the client uses to reply to a EAP Identity request. If defined on the EAP server, the defined identity will be used as peer @@ -598,12 +568,13 @@ For .B eap, an optional EAP method can be appended. Currently defined methods are .BR eap-aka , +.BR eap-sim , .BR eap-gtc , .BR eap-md5 , .BR eap-tls , .B eap-mschapv2 and -.BR eap-sim . +.BR eap-radius . Alternatively, IANA assigned EAP method numbers are accepted. Vendor specific EAP methods are defined in the form .B eap-type-vendor |