<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I have looked through the options but can not find it. Would be very grateful if you could describe how to do it when you have time.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
I am using the VPN client built-in Windows 10. I have searched for an option corresponding the "Remote ID" in macOS in the following locations to no avail:</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- Settings -> Network & Internet -> VPN</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- Control Panel -> Network and Internet -> Network Connections</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- rasphone.pbk - %APPDATA%\Microsoft\Network\Connections\Pbk\rasphone.pbk</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
- PowerShell documentation for Add-VpnConnection and Set-VpnConnectionIPsecConfiguration</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Christian Salway <christian.salway@naimuri.com><br>
<b>Sent:</b> Wednesday, September 26, 2018 01:29<br>
<b>To:</b> bls s<br>
<b>Cc:</b> Marwan Khalili; users@lists.strongswan.org<br>
<b>Subject:</b> Re: [strongSwan] Help! I can't configure Windows 10 to send remote id (leftid) for IKEv2</font>
<div> </div>
</div>
<meta content="text/html; charset=utf-8">
<div dir="auto">
<div dir="ltr"></div>
<div dir="ltr">You can set the ID in windows 10 if you go through the options for the connection you will see it. Not near a computer otherwise I’d get you the instructions.</div>
<div dir="ltr"><br>
On 26 Sep 2018, at 02:30, bls s <<a href="mailto:bls3427@outlook.com">bls3427@outlook.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I'm curious about this as well. From my work on pistrong (see elsewhere), it looks to me like Windows doesn't have a way to send an ID that you can use for matching. I haven't tried this, but you might be able to make it work by using a separate "VPN certificate"
for the Windows connection that has an altname in it corresponding to a secondary DNS name for your server. You can then have Windows connect to the secondary DNS name and, in theory, it would eventually match that connection.</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Again, just a theory, I'm definitely interested in other approaches to solving this.<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Users <<a href="mailto:users-bounces@lists.strongswan.org">users-bounces@lists.strongswan.org</a>> on behalf of Marwan Khalili <<a href="mailto:choklad_321@hotmail.com">choklad_321@hotmail.com</a>><br>
<b>Sent:</b> Tuesday, September 25, 2018 7:47 AM<br>
<b>To:</b> <a href="mailto:users@lists.strongswan.org">users@lists.strongswan.org</a><br>
<b>Subject:</b> [strongSwan] Help! I can't configure Windows 10 to send remote id (leftid) for IKEv2</font>
<div> </div>
</div>
<meta content="text/html; charset=iso-8859-1">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Hello,</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt"><br>
</span></div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span style="color:rgb(0,0,0); font-family:Calibri,Helvetica,sans-serif; font-size:12pt">I have a strongSwan server running with the ipsec.conf pasted below. </span><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
The clients are using Windows 10 and macOS and they must be able to choose connection. I am trying to separate the connections using "leftid" with different subdomains for each connection (e.g.
<a href="http://vpn1.example.org">vpn1.example.org</a>, <a href="http://vpn2.example.org">
vpn2.example.org</a>).</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
My solution below works in macOS by matching "Remote ID" with the appropriate "leftid", however I can't get it to work in Windows 10. </div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I am very grateful to any help or ideas of how I can solve this. </div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
ipsec.conf</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
--------------</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>conn %default<br>
</span>
<div> auto=add<br>
</div>
<div> dpdaction=clear<br>
</div>
<div> dpddelay=180s<br>
</div>
<div> eap_identity=%any<br>
</div>
<div> esp=aes256-sha256,aes256-sha1,3des-sha1!<br>
</div>
<div> forceencaps=yes<br>
</div>
<div> ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!<br>
</div>
<div> keyexchange=ikev2<br>
</div>
<div> leftcert=cert.pem<br>
</div>
<div> leftsendcert=always<br>
</div>
<div> rightauth=eap-mschapv2<br>
</div>
<span> rightsendcert=never</span><br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<div>conn conn1<br>
</div>
<div> left=%any<br>
</div>
<div> <a href="mailto:leftid=@vpn1.example.org">leftid=@vpn1.example.org</a><br>
</div>
<div> leftsubnet=0.0.0.0/0<br>
</div>
<div> right=%any<br>
</div>
<div> rightid=%any<br>
</div>
<div> rightdns=8.8.8.8,8.8.4.4<br>
</div>
<div> rightsourceip=10.10.10.1/24<br>
</div>
<div><br>
</div>
<div>conn conn2</div>
<div> left=%any<br>
</div>
<div> <a href="mailto:leftid=@vpn2.khalili.xyz">leftid=@vpn2.khalili.xyz</a><br>
</div>
<div> leftsubnet=0.0.0.0/0<br>
</div>
<div> right=%any<br>
</div>
<div> rightid=%any<br>
</div>
<div> rightdns=8.8.8.8,8.8.4.4<br>
</div>
<span> rightsourceip=10.10.10.2/24</span></div>
</div>
</div>
</blockquote>
</div>
</body>
</html>