[strongSwan] S2S PSK and IKEv2 EAP-MSCHAPv2 from same public IP
dusan at comhem.se
Wed Jan 25 07:27:45 CET 2017
I have a site to site PSK setup up and running, but when a Windows
client from the same remote IP tries to connect to the same gateway the
logfile says encryption mismatch. If i shut down the tunnel and comment
the S2S connection in ipsec.conf the client can connect just fine.
It looks to me that the issue is that Strongswan chooses the S2S PSK
connection profile with the remote access client instead of the
EAP-MSCHAPv2 profile, how can I configure so that the right VPN type is
handled by the right connection profile in ipsec.conf? Is Strongswan
only identifying and matching connecting nodes with remote IP address?
I know I could just let the connectin Windows clients use the existing
S2S tunnel instead, but the clients are residing in a separate subnet
behind the same gateway connecting with S2S, and the gateway is somehow
locked down and the TS-selectors can't be reconfigured to contain these
clients subnet too.
More information about the Users