[strongSwan] Ubuntu CLI client works Network Manager fails
Tobias Brunner
tobias at strongswan.org
Mon Dec 4 11:31:40 CET 2017
Hi Alex
> So if my client is connecting to vpn.york.ac.uk,
> the cert that needs installing is vpn.york.ac.uk
> ..... swhere /etc/ipsed.d/aacerts /etc/ipsed.d/certs ?
This refers to configuring the certificate in the GUI (in which case
only that certificate is loaded the certificates in the CA dir are not).
However, "server certificate for IKEv2" != "RADIUS server certificate
for EAP-PEAP/TTLS or other TLS based EAP methods". So configuring that
certificate won't help you if your RADIUS server still uses an identity
that is not contained in the configured certificate.
Regards,
Tobias
More information about the Users
mailing list