[strongSwan] Ubuntu CLI client works Network Manager fails
Alex Sharaz
alex.sharaz at york.ac.uk
Fri Dec 1 16:21:52 CET 2017
o.k lots of options ...
Think I need the charon-nm for our Ubuntu network manager users .. keeps it
simple
Think Il'l try patching charon-nm first
Thanks
A
On 1 December 2017 at 14:34, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Alex,
>
> > so you're saying that my radius server also needs to have vpn.york.ac.uk
> > as a SubjAltName in it as well ?
>
> Yes, that's one option. Not using the NM plugin is another. With the
> config files you can set the AAA identity to vpn.york.ac.uk so it
> matches the certificate (or %any so any identity is accepted, the RADIUS
> server's certificate just has to be trusted). You can also patch
> charon-nm so it sets the AAA identity, or make it even configurable in
> the GUI.
>
> You can also not use EAP-PEAP and just authenticate the clients with
> EAP-MSCHAPv2/MD5/GTC directly (and if necessary secure the connection
> between VPN and RADIUS server with IPsec).
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171201/f28c8bf1/attachment.html>
More information about the Users
mailing list