Comment 4 for bug 1878887

Tobias Brunner (tobias-strongswan) wrote : Re: No EAP-PEAP support anymore

EAP-PEAP (Protected EAP) is one of those protocols that nobody wants to use (there are nicer, more modern alternatives) but lots of people have to because it's what Microsoft implements. It's often used in combination with EAP-MSCHAPv2 to authenticate e.g. WiFi clients (the TLS connection in EAP-PEAP protects the potentially weak password authentication in EAP-MSCHAPv2). Using the same protocol for VPN clients allows reusing the existing AAA infrastructure (AD/RADIUS server). Also because many clients support it.

Another plugin that was removed (or has never been packaged in Debian) but which can be quite useful on servers is eap-dynamic. It allows clients to select an alternative EAP method if the one selected by the server initially is not supported.

> but when the system is upgraded from previous versions like 18.04 it tries peap by default and fails

If the plugin is not there, it won't be loaded (the conf snippet, which might not have been removed by the upgrade, doesn't change that). Or are you saying that the plugin file (libstrongswan-eap-peap.so) from 18.04 was not removed during the upgrade? This could actually cause crashes as plugin files from different releases (in particular with many versions in between) are usually not compatible.