[strongSwan] Ubuntu CLI client works Network Manager fails
Alex Sharaz
alex.sharaz at york.ac.uk
Mon Dec 4 12:40:15 CET 2017
o.k. so guess I'll build a freeradius server on the SSwan VPN box using
vpn.york.ac.uk cert and then proxy stuff to the mail auth service
A
On 4 December 2017 at 10:31, Tobias Brunner <tobias at strongswan.org> wrote:
> Hi Alex
>
> > So if my client is connecting to vpn.york.ac.uk,
> > the cert that needs installing is vpn.york.ac.uk
> > ..... swhere /etc/ipsed.d/aacerts /etc/ipsed.d/certs ?
>
> This refers to configuring the certificate in the GUI (in which case
> only that certificate is loaded the certificates in the CA dir are not).
> However, "server certificate for IKEv2" != "RADIUS server certificate
> for EAP-PEAP/TTLS or other TLS based EAP methods". So configuring that
> certificate won't help you if your RADIUS server still uses an identity
> that is not contained in the configured certificate.
>
> Regards,
> Tobias
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171204/26179ce1/attachment.html>
More information about the Users
mailing list