[strongSwan] Multiple certificate authentication

Andreas Steffen andreas.steffen at strongswan.org
Fri Jul 20 08:42:09 CEST 2012

Hi Matt,

in fact, if the RADIUS or AAA server has a different certificate
than the VPN gateway then you can define the AAA identity with

    aaa_identity=<subject DN or subjectAltName of AAA server>

as in the following example


Best regards


On 07/19/2012 06:58 PM, Keeler, Matthew J. wrote:
> I have a strongswan client connecting to a strongswan server. The server
> has the right authentication method set to be eap-radius.
> The client's configuration has the rightcert value set to be the
> certificate of the strongswan server and the leftauth set to eap-ttls.
> The client/server connection validates the certificate and the server
> then starts the eap authentication with the radius server. At this point
> the client complains that the server certificate does not match. I am
> assuming that it is talking about the certificate of the radius server
> (which is in fact different from the strongswan server cert).
> How can I get around this and get the certificate validation working for
> the strongswan server and the radius server?
> Thanks
> Matt Keeler
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
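
Added example, not part of the original message or of the strongSwan project's own files: a client and gateway `ipsec.conf` pair for the setup discussed in this thread, with `aaa_identity` set on the client. All host names, DNs, file names and connection names are constructed placeholders.

```conf
# --- client: /etc/ipsec.conf (constructed example) ---
conn vpn-eap-ttls
    keyexchange=ikev2
    left=%any
    leftid=client@example.org
    leftauth=eap-ttls                  # client authenticates with EAP-TTLS
    eap_identity=client@example.org
    right=vpn.example.org
    rightid="C=CH, O=Example, CN=vpn.example.org"
    rightcert=vpnCert.pem              # certificate of the strongSwan gateway
    rightauth=pubkey                   # gateway proves itself with that certificate
    # The TLS server inside EAP-TTLS is the RADIUS/AAA server, which presents
    # its own certificate. Without aaa_identity the client expects that
    # certificate to match the gateway identity (rightid) and rejects it.
    # The value must equal the subject DN or a subjectAltName of the AAA
    # server certificate.
    aaa_identity="C=CH, O=Example, CN=aaa.example.org"
    auto=add

# Assumption: the CA that issued the AAA server certificate is trusted by the
# client, e.g. its certificate is placed in /etc/ipsec.d/cacerts/.

# --- gateway: /etc/ipsec.conf (constructed example) ---
conn rw-eap
    keyexchange=ikev2
    left=%any
    leftid="C=CH, O=Example, CN=vpn.example.org"
    leftcert=vpnCert.pem
    leftauth=pubkey
    right=%any
    rightauth=eap-radius               # EAP exchange is relayed to the RADIUS server
    auto=add
```

If the client still reports a mismatch, compare the `aaa_identity` string against the output of `openssl x509 -in <AAA server certificate> -noout -subject`.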
