To create a VPN I've installed pptpd on an Ubuntu domU (Debian domUs can also be created). MSCHAPv2 isn't a very strong authentication protocol so I'd like to use EAP-TLS. I've set up a FreeRADIUS server and certificates for EAP-TLS before (for use with WPA), and I've also set up a PPTP server with MSCHAPv2 auth, but I can't figure out how to combine the two. Maybe pppd can use EAP-TLS on its own, but I can't find support for it in the Ubuntu package. If I need to patch the package, that's fine; I know how to patch Debian packages (provided the patch applies cleanly).
Also, can MPPE still be used when pppd is configured to use EAP? Because it says in the manual several times that MPPE requires MSCHAP. However, other docs like this one: http://www.nikhef.nl/~janjust/ppp/ seem to refute that.
The clients are running Mac OS X Leopard and GNU/Linux; there's no need to fix anything for Windows.
It's very well possible to patch pppd to include EAP-TLS support; see
http://www.nikhef.nl/~janjust/ppp/download.html
for details. I've used this patch to authenticate a Windows PPTP client to a Linux poptop+pppd server as well as connecting a Linux pptpclient+pppd to a Windows PPTP server with EAP-TLS certificates (and now including smartcard support ;-))
HTH,
JJK