Link to home
Start Free TrialLog in
Avatar of Taras Shumylo
Taras Shumylo

asked on

Which is more secure: EAP or machine certificate for IKEv2 VPN?

I am trying to configure IPSec VPN from home to my workplace computer. My home computer have public IP and office computer is located behind the NAT.
I use Libreswan on CentOS 7 as VPN server. I do not want to use another VPN solution, since this is only VPN solution recommended by RedHat and I am perfectionist.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
"IPsec, implemented by Libreswan, is the only VPN technology recommend for use in Red Hat Enterprise Linux 7. Do not use any other VPN technology without understanding the risks of doing so."

I've found the article on how to configure Libreswan VPN server for remote clients using IKEv2
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2
But this method use machine certificates for client authentication.

The question is - are machine certificates of equal security than EAP authentication methods supported by Windows and therefore should I continue implementing this solution?
ASKER CERTIFIED SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial