My internship supervisor keeps harassing me about this business of login/password authentication.
I have done quite a bit of research on the web... but there does not seem to be any authentication method of this kind.
The solution would be to build a PKI with smart cards and so on... but that really doesn't cost much.
A good solution would be to install a RADIUS server to perform the authentication.
But apparently Freeswan does not allow it!
Here is what I read in a Freeswan FAQ:
Does FreeS/WAN support user authentication (Radius, SecureID, ...)?
Not yet. So far, there is no standard way to authenticate users for IPsec, though there is a very active IETF working group looking at the problem, and several vendors have implemented various things already.
In the absence of a standard, user authentication has not been a priority for the FreeS/WAN team, and is unlikely to become one. This would be a good project for a volunteer, perhaps a staff member or contractor at some company that needs the feature. Certainly our team would co-operate with such an effort; we just don't have time to do it.
The patches section of our web links document has links to some user work on this.
Of course, there are various ways to avoid any requirement for user authentication in IPsec. Consider the situation where road warriors build IPsec tunnels to your office net and you are considering requiring user authentication during tunnel negotiation. Alternatives include:
If you can trust the road warrior machines, then set them up so that only authorised users can create tunnels. If your road warriors use laptops, consider the possibility of theft.
If the tunnel only provides access to particular servers and you can trust those servers, then set the servers up to require user authentication.
If either of those is trustworthy, it is not clear that you need user authentication in IPsec.
Yet many commercial solutions such as Cisco or Checkpoint offer VPN authentication via RADIUS, TACACS...
Freeswan (that is, IPSec) and Linux fully suit our needs. But the roaming clients absolutely have to be identified in a "secure manner"?!
How can this be done? I don't think I'm the first to ask this question!
Is it possible to perform authentication before the IPSec tunnel is established?
Thanks for any ideas!
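As an added illustration of the FAQ's first alternative (trusting the road-warrior machines and letting only known ones build tunnels), not part of the original post or of the FreeS/WAN project's own documentation: a FreeS/WAN ipsec.conf fragment that authenticates each laptop by its own RSA key and a fixed identity, one conn per machine. Hostnames, subnets and the key strings are placeholders chosen for the example; a stolen laptop is handled by deleting its conn (or its key) on the gateway.

```conf
# Gateway-side /etc/ipsec.conf (example, placeholder values)
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none

# Defaults shared by every conn: RSA signatures only, never PSK,
# so each laptop must hold its own private key.
conn %default
        authby=rsasig
        keyingtries=0

# One conn per road-warrior machine: the peer may come from any
# address (right=%any) but must present exactly this identity and
# sign with the matching public key pinned here.
conn laptop-alice
        left=%defaultroute
        leftsubnet=192.168.1.0/24
        leftid=@gateway.example.com
        leftrsasigkey=0sAQ...GATEWAY_PUBLIC_KEY_PLACEHOLDER
        right=%any
        rightid=@alice-laptop.example.com
        rightrsasigkey=0sAQ...ALICE_LAPTOP_PUBLIC_KEY_PLACEHOLDER
        auto=add

conn laptop-bob
        left=%defaultroute
        leftsubnet=192.168.1.0/24
        leftid=@gateway.example.com
        leftrsasigkey=0sAQ...GATEWAY_PUBLIC_KEY_PLACEHOLDER
        right=%any
        rightid=@bob-laptop.example.com
        rightrsasigkey=0sAQ...BOB_LAPTOP_PUBLIC_KEY_PLACEHOLDER
        auto=add
```

This binds the tunnel to the machine's key, not to a person, which is exactly the limitation the FAQ describes: a user's identity on a trusted laptop is still only as good as the laptop's login and disk protection.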