[strongSwan] Cert and EAP-mschapv2 Auth?

[Mike Ruebner]

Did anyone have any luck coaxing Windows' built-in VPN client into using _both_ machine certs and a mschapv2 user name/password dialogue for an IKEv2 connection (I guess that would be 'two-factor auth' in newspeak)? According to the docs, this is an either/or proposition; but I've seen setups that use a two-pronged approach via 'rightauth=pubkey; rightcert=[client.crt]' and 'rightauth2=eap-mschapv2'. Is this a client software limitation?

Any pointers greatly appreciated!

Mike