<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hello,<div class=""><br class=""></div><div class="">To quote your page [1] "<span style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; font-size: 10.8px; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class="">With IKEv2 it is possible to use multiple authentication rounds", could this be PSK and eap-mschapv2 and do you have a configuration that would match that method? My current configuration looks like the below.</span></div><div class=""><span style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; font-size: 10.8px; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""><br class=""></span></div><div class=""><span style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; font-size: 10.8px; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class="">The clients are OSX and Windows native clients so I am curious if it will work.</span></div><div class=""><span style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; font-size: 10.8px; orphans: 2; widows: 2; background-color: rgb(255, 255, 255);" class=""><br class=""></span></div><div class=""><pre style="background-color: rgb(255, 255, 255); font-family: Menlo; font-size: 9pt;" class=""><span style="background-color:#e7ffb3;" class="">connections {<br class=""></span><span style="background-color:#e7ffb3;" class=""> radius {<br class=""></span><span style="background-color:#e7ffb3;" class=""> version = 2<br class=""></span><span style="background-color:#e7ffb3;" class=""> send_cert = always<br class=""></span><span style="background-color:#e7ffb3;" class=""> encap = yes<br class=""></span><span style="background-color:#e7ffb3;" class=""> pools = pool1<br class=""></span><span style="background-color:#e7ffb3;" class=""> unique = replace<br class=""></span><span style="background-color:#e7ffb3;" class=""> proposals = aes256-sha256-prfsha256-ecp256-modp2048<br class=""></span><span style="background-color:#e7ffb3;" class=""> local {<br class=""></span><span style="background-color:#e7ffb3;" class=""> # the id must be contained in the certificate, either as subject or as subjectAltName.<br class=""></span><span style="background-color:#e7ffb3;" class=""> id = </span><span style="color:#000080;font-weight:bold;" class="">$</span>{FQDN}<span style="background-color:#e7ffb3;" class=""><br class=""></span><span style="background-color:#e7ffb3;" class=""> certs = cert.pem<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> remote {<br class=""></span><span style="background-color:#e7ffb3;" class=""> auth = eap-radius<br class=""></span><span style="background-color:#e7ffb3;" class=""> eap_id = %any<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> children {<br class=""></span><span style="background-color:#e7ffb3;" class=""> child_sa_1 {<br class=""></span><span style="background-color:#e7ffb3;" class=""> #esp_proposals =<br class=""></span><span style="background-color:#e7ffb3;" class=""> local_ts = </span><span style="color:#000080;font-weight:bold;" class="">$</span>{LOCALCIDR}<span style="background-color:#e7ffb3;" class=""><br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class="">}</span></pre><div class=""><br class=""></div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics" class="">https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics</a></div><div class=""><br class=""><div class="">
<div dir="auto" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">Kind regards,<br class=""><br class=""><b style="color: rgb(0, 0, 0);" class="">Christian Salway</b><br class="">IT Consultant - <b class=""><font color="#f05a28" class="">Naimuri</font></b><br class=""><br class=""><font color="#919191" class="">T: +44 7463 331432<br class="">E: <a href="mailto:christian.salway@naimuri.com" class="">christian.salway@naimuri.com</a><br class="">A: Naimuri Ltd, Capstan House, Manchester M50 2UW</font></div></div></div></div></div></div>
</div>
<br class=""></div></body></html>