[strongSwan] Windows ikev2 conn, eap_identity ignored

Giuseppe De Marco giuseppe.demarco at unical.it
Mon Oct 16 22:08:58 CEST 2017 

Hi all,

I'm using Debian GNU/Linux 9.2 (stretch) with standard strongswan package
from stretch apt repository (5.5.1-4+deb9u1).

The tunnel is a ikev2 with eap-radius authentication.

I'm facing the problem that Windows 10 clients doesn't send their right
identity.
Linux and Android clients works great instead, they always request the
connections with the correct eap_identity as we expect to be.

The problem is that if the Windows client fails its identity it will take a
dinamic virtual ip and not the static one, configured for it.

I also read about attr_sql and the possibility to fix the ip assignment in
a second time, via sql.
I'd like also to play with it but, I installed all of the strongswan/charon
packages, they are all here:

libstrongswan
libstrongswan-extra-plugins
libstrongswan-standard-plugins
network-manager-strongswan
strongswan
strongswan-charon
strongswan-ike
strongswan-ikev1
strongswan-ikev2
strongswan-libcharon
strongswan-nm
strongswan-pki
strongswan-scepclient
strongswan-starter
strongswan-swanctl
charon-cmd
charon-systemd
libcharon-extra-plugins
strongswan-charon
strongswan-libcharon

But I cannot see the attr_plugin loaded and running, with the command:

ipsec listplugins

attr_sql could be a good solution, the goal is to configure a Windows 10
that correctly presents itself with its proper identity, instead of its WAN
IP as 192.168.3.44:

04[CFG] looking for peer configs matching
110.7.6.173[%any]...11.74.200.151[192.168.3.44]
04[CFG] selected peer config 'ike2-eap-radius'

The same account, using nm-strongswan or charon-cmd, works great with
Linux,  the identity (Frank) is there:

15[CFG] looking for peer configs matching
110.7.6.173[%any]...11.74.200.151[Frank]
15[CFG] selected peer config 'ike2-eap-Frank'

I'm also sure that this problem should be well know in Windows 10 clients,
it looks so standard!
Any suggestions would be very appreciated
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171016/581eeee5/attachment.html>

More information about the Users mailing list