[strongSwan] Ubuntu CLI client works Network Manager fails

Alex Sharaz alex.sharaz at york.ac.uk
Mon Dec 4 12:40:15 CET 2017

o.k. so guess I'll build a freeradius server on the SSwan VPN box using
vpn.york.ac.uk cert and then proxy stuff to the mail auth service

On 4 December 2017 at 10:31, Tobias Brunner <tobias at strongswan.org> wrote:

> Hi Alex
> > So if my client is connecting to vpn.york.ac.uk,
> > the cert that needs installing is vpn.york.ac.uk
> > ..... swhere /etc/ipsed.d/aacerts /etc/ipsed.d/certs ?
> This refers to configuring the certificate in the GUI (in which case
> only that certificate is loaded the certificates in the CA dir are not).
>  However, "server certificate for IKEv2" != "RADIUS server certificate
> for EAP-PEAP/TTLS or other TLS based EAP methods".  So configuring that
> certificate won't help you if your RADIUS server still uses an identity
> that is not contained in the configured certificate.
> Regards,
> Tobias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171204/26179ce1/attachment.html>

More information about the Users mailing list