[strongSwan] Best practice for win7 <-> strongswan 5.1
Martin Willi
martin at strongswan.org
Thu Oct 24 09:24:11 CEST 2013
Hello Björn,
> As you can see i tried to do that with eap, but didn`t get it to work.
"didn't work" is not a failure description that allows us to help.
I'd try to start with a simple setup terminating EAP-MSCHAPv2 at the
Gateway, no RADIUS involved.
> strongswan-5.1.0 # ./configure --enable-pem --enable-pkcs1
> --enable-eap-radius --enable-eap-identity --enable-md4
> --enable-eap-mschapv2 --enable-eap-tls && make && make install
Your ./configure is fine so far (pem/pkcs1 are enabled by default,
though, and eap-radius is not required before you use RADIUS).
> - What would be best practice to get Strongswan 5.1 working with
> Win7 ?
Try the configuration at [1], and generate the certificates as outlined
at [2]. Read carefully the requirements about subjectAltNames and
certificate usage.
If you have issues, post an excerpt of the strongSwan log and the exact
Windows error description.
Regards
Martin
[1]http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
[2]http://wiki.strongswan.org/projects/strongswan/wiki/Win7CertReq
More information about the Users
mailing list