[strongSwan] windows eap-ttls mschapv2 radius

glesov at mail.bg glesov at mail.bg
Wed Feb 24 20:00:06 CET 2016

hi all,

Im testing and searching for windows ike2 clients to strongswan server with
two-way authorization: certificate for machine and user/password for users
from radius/NPSserver. With strongswan for Android this is possible and
works well with rightcert=..cert.pem and rightauth2=eap-radius.

but Windows does not support multiple rounds for authorization. Im thinking
for EAP-TTLS/MSCHAPV2 or PEAP/MSCHAPV2, but it does not work, and in
thisnconfihuration Windwlows client sends its IPaddress for identifier. I
need cert for identifier as need static ip for every machine (not user from

Any ideas is this possible?



ПП: СуперХостинг.БГ имат супер промоция за теб и твоите приятели. До -75% отстъпка за нови и настоящи клиенти. Можеш да ги разгледаш на сайта. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160224/ecf68787/attachment.html>

More information about the Users mailing list