[strongSwan] windows eap-ttls mschapv2 radius

[glesov at mail.bg]

hi all,


Im testing and searching for windows ike2 clients to strongswan server with
two-way authorization: certificate for machine and user/password for users
from radius/NPSserver. With strongswan for Android this is possible and
works well with rightcert=..cert.pem and rightauth2=eap-radius.


but Windows does not support multiple rounds for authorization. Im thinking
for EAP-TTLS/MSCHAPV2 or PEAP/MSCHAPV2, but it does not work, and in
thisnconfihuration Windwlows client sends its IPaddress for identifier. I
need cert for identifier as need static ip for every machine (not user from
nps).


Any ideas is this possible?


 

-------------------------------------

ПП: СуперХостинг.БГ имат супер промоция за теб и твоите приятели. До -75% отстъпка за нови и настоящи клиенти. Можеш да ги разгледаш на сайта. 
 http://www.superhosting.bg/web-hosting-compare-hosting-plans.php?utm_source=MailBG&utm_medium=footer&utm_content=v3&utm_campaign=Winter2016
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160224/ecf68787/attachment.html>