[strongSwan] Ubuntu CLI client works Network Manager fails

Tobias Brunner tobias at strongswan.org
Mon Dec 4 11:31:40 CET 2017

Hi Alex

> So if my client is connecting to vpn.york.ac.uk,
> the cert that needs installing is vpn.york.ac.uk
> ..... swhere /etc/ipsed.d/aacerts /etc/ipsed.d/certs ?

This refers to configuring the certificate in the GUI (in which case
only that certificate is loaded the certificates in the CA dir are not).
 However, "server certificate for IKEv2" != "RADIUS server certificate
for EAP-PEAP/TTLS or other TLS based EAP methods".  So configuring that
certificate won't help you if your RADIUS server still uses an identity
that is not contained in the configured certificate.


More information about the Users mailing list