[strongSwan] Combining authentication types
curious_freddy at gmsl.co.uk
Fri Jun 26 14:33:10 CEST 2015
On 26/06/2015 13:08, Noel Kuntze wrote:
> Hello Fred,
> Just create several conn sections.
Thanks for your reply Noel.
I tried this, but then the wrong connection was being selected by the
responder (and therefore failing). Commenting out individual connections
made the other one work in isolation. It would appear I need to do
something to assist strongSwan in selecting the correct connection
profile, but I'm not sure what? I have tried playing with eap_identity
and rightid but am unsure what it is precisely I need to do to
differentiate between an incoming connection that could be using either
So I have, for example, the two connection profiles below. With a win7 Agile
client, strongSwan tries to use IPSec-IKEv2-EAP-TLS when I'm using only
mschapv2. So why's it not picking up the IPSec-IKEv2-EAP-MSCHAPv2
connection? If I use client certs the win7 agile connection works (using
IPSec-IKEv2-EAP-TLS) but I was hoping to allow client certs OR mschapv2
auth types if possible. I was also hoping the Mac OS X applet you
provide will work with the IPSec-IKEv2-EAP-MSCHAPv2 connection profile
and this does appear to work. So it's just mschapv2 that fails due to it
picking up the wrong connection profile.
#rightid="C=CH, O=strongSwan, CN=xx"