The Extensible Authentication Protocol (EAP;
RFC 3748) is a
security protocol that can be used with PPP. It provides a means to
plug in multiple optional authentication methods.
Transport Level Security (TLS; RFC 2246) provides for mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. It also provides for optional MPPE encryption.
EAP-TLS (RFC 2716) encapsulates the TLS messages in EAP packets, allowing TLS mutual authentication to be used as a generic EAP mechanism.
This patch was written to use pppd in a VPN with either PPTP or IPSec/L2TP and to allow Windows users to authenticate using smartcards with certificates.
Especially for PPTP VPNs the support of EAP-TLS+MPPE is very important, as it allows for the use of X.509 certificates to authenticate users. This greatly improves security (one might say it actually adds a little security), as the security of the PPTP model is as good as the password/certificate length.