[strongSwan] Gateway configuration for strongswan Android setting "IKEv2 Certificate + EAP (Username/Password)"
strongswan.20.apex3 at xoxy.net
Thu Mar 21 19:33:04 CET 2013
> A conn section for combined certificate/EAP authentication should look
> something like this (using the above as template):
>
> conn rw-cert-eap
>     left=172.16.254.200
>     leftsubnet=0.0.0.0/0
>     leftcert=pi-peer.der
>     leftid=my-fqdn.example.com
>     rightsourceip=172.16.254.0/24
>     right=%any
>     rightauth=pubkey
>     rightauth2=eap-md5
>     auto=add
>
> The important bit is rightauth2 which configures a second authentication
> round using EAP after doing a first round with certificate authentication.
>
> You can simplify the whole config by putting the shared options in a
> single section and using the also keyword:
>
> conn rw-base
>     left=172.16.254.200
>     leftsubnet=0.0.0.0/0
>     leftcert=pi-peer.der
>     leftid=my-fqdn.example.com
>     rightsourceip=172.16.254.0/24
>     right=%any
>
> conn rw-cert
>     also=rw-base
>     auto=add
>
> conn rw-eap
>     also=rw-base
>     rightauth=eap-md5
>     rightsendcert=never
>     auto=add
>
> conn rw-cert-eap
>     also=rw-base
>     rightauth2=eap-md5
>     auto=add
>
> 'pubkey' is the default so rightauth does not have to be specified
> explicitly.
Tobias,
Thanks a lot for clearing that up for me. It was the implicit
"rightauth" setting that I didn't realize I was using. Once I added
rightauth2, it's of course working well.
I appreciate the help and the quick reply!
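
Added example (not part of the original thread and not strongSwan code): a small Python audit helper that resolves also= inheritance in the conn sections quoted above and lists the remote authentication rounds each conn ends up with, including the implicit rightauth=pubkey. The parser is a simplified assumption (conn headers and indented key=value lines only, own settings overriding inherited ones), and the function names are hypothetical.

```python
# Added example, not strongSwan code. Simplified parser (assumption): only
# "conn <name>" headers and indented key=value lines; own settings beat also=.
SAMPLE = """\
conn rw-base
    leftcert=pi-peer.der
    right=%any
conn rw-cert
    also=rw-base
    auto=add
conn rw-eap
    also=rw-base
    rightauth=eap-md5
    rightsendcert=never
    auto=add
conn rw-cert-eap
    also=rw-base
    rightauth2=eap-md5
    auto=add
"""  # abridged from the conn sections quoted in the thread

def parse_conns(text):
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace():  # section header
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), []) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current.append((key.strip(), value.strip()))
    return conns

def effective(conns, name, seen=()):
    if name in seen:
        raise ValueError(f"also= loop at {name}")
    merged = {}
    for key, value in conns[name]:
        if key == "also":  # inherit first, then let own settings win
            merged.update(effective(conns, value, seen + (name,)))
    merged.update((k, v) for k, v in conns[name] if k != "also")
    return merged

def remote_auth_rounds(conns, name):
    opts = effective(conns, name)
    # 'pubkey' is the implicit rightauth default, as the thread points out
    rounds = [opts.get("rightauth", "pubkey")]
    return rounds + ([opts["rightauth2"]] if "rightauth2" in opts else [])
```

Calling remote_auth_rounds(parse_conns(SAMPLE), "rw-cert-eap") returns both rounds, certificate first and EAP second, while "rw-cert" yields only the implicit pubkey round.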