[strongSwan] Best practice for win7 <-> strongswan 5.1

Martin Willi martin at strongswan.org
Thu Oct 24 09:24:11 CEST 2013

Hello Björn,

> As you can see i tried to do that with eap, but didn`t get it to work.

"didn't work" is not a failure description that allows us to help.

I'd try to start with a simple setup terminating EAP-MSCHAPv2 at the
Gateway, no RADIUS involved. 

> strongswan-5.1.0 # ./configure --enable-pem --enable-pkcs1
> --enable-eap-radius --enable-eap-identity --enable-md4
> --enable-eap-mschapv2 --enable-eap-tls && make && make install

Your ./configure is fine so far (pem/pkcs1 are enabled by default,
though, and eap-radius is not required before you use RADIUS).

> - What would be best practice to get Strongswan 5.1 working with
> Win7 ?

Try the configuration at [1], and generate the certificates as outlined
at [2]. Read carefully the requirements about subjectAltNames and
certificate usage.

If you have issues, post an excerpt of the strongSwan log and the exact
Windows error description.



More information about the Users mailing list