Does FreeS/WAN support user authentication (Radius, SecureID, …)?
Not yet. So far, there is no standard way to authenticate users for IPsec, though there is a very active IETF working group looking at the problem, and several vendors have implemented various things already. In the absence of a standard, user authentication has not been a priority for the FreeS/WAN team, and is unlikely to become one. This would be a good project for a volunteer, perhaps a staff member or contractor at some company that needs the feature. Certainly our team would co-operate with such an effort; we just don’t have time to do it. The patches section of our web links document has links to some user work on this. Of course, there are various ways to avoid any requirement for user authentication in IPsec. Consider the situation where road warriors build IPsec tunnels to your office net and you are considering requiring user authentication during tunnel negotiation. Alternatives include: • If you can trust the road warrior machines, then set them up so that only authorised
