[strongSwan] IKEv2 RSA or EAP (mschap2) with Windows 10 client

Noel Kuntze noel at familie-kuntze.de
Wed Nov 25 20:09:35 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Will it help if i switch from 2048RSA to 384 ECDS keys, as they are shorter?
>
> And if all this fails, is there an Windows VPN client that fully supports strongSwan?
If Windows 10 supports ECDSA, sure.

Well, you need one that supports the necessary feature set of IKEv2
to make your situation work. So UDP encaps and fragmentation,
as well as certificate auth and EAP.
I don't know of any that does.

- --- only read if you're willing to develope one ---
But it shouldn't be too hard to do.
I looked at strongSwan's Windows support and one
would actually just need to write a gui for it based on VICI
and exchange the backend driver (replace the policy based VPN with whatever
the native Windows VPN driver does (route based VPN)) and you'll
have yourself a fully functional VPN client.

I started writing the gui, but I'm too lazy to finish it.
Maybe I'll do it when I have some free time again.

- -- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWVgdtAAoJEDg5KY9j7GZYhC4P/ihDlFKWKo1lRKalgaX4WCDd
OgLLFkeUbYKVI6mmafApTgDO0C0t2H5Vyf1ntVNVIV1NssXstyN7mlc3tCVAPNyX
l+H4xcwaJcsX23EgVg87BNbj0rYi0if9jNux5Jfs9X0XOr5JekHcfKgNbvkzr4qp
PPAvdCvHzjHrbhd6QSK673sdR5QVv3yFVJ4TVPpns+g28TbEwav4KrgKXTG385GP
mjcBZMPsj4tpBBlKE3BBpWqTze/paRp8B68mzMRjeyBwgfQzkXbQpTYD6fO+NKOI
bop0dobCG59TG03ojIzl/68otxUz9FuZ1UE9C+Xu3m+dCWjkuv9/y4Y4ATX91R6f
xQ/0cn9ongsrGo5Z/7ydlykgaXLgDW87cjbYHd11siGU3BvkxnaztbFA78HTqH5v
hCB8XpM8ZYHySgU5WJ/oqRfUHpzpAV8gz+uQbQTwimSzLKzufUbc+nTPqvDnL/On
EdwevzAoEPV9ObXvbGeqZSdMXF2CdUP1DwKHxWukH7k1MgOtjS49noYOmJ7+J3hT
Alpaw64gJEe9q3Ox23eIU4eBmnbpHvygWLhx8a14D8/Zg7WB8HIzRXZF/9u1UsZX
PQchyFo+9u9SVzMby2BQWZb5CWyGruGKcpxBPdtTKJQ/96knFYOO5L5CWTbCSvau
x0On0n8DHXVOhewRensF
=LOhX
-----END PGP SIGNATURE-----



More information about the Users mailing list