[strongSwan] MFA with EAP TLS

Thu Jun 14 20:06:05 CEST 2018

Is there a way to have two factor authentication with the first being certificate?

Something like:

connections {
  ecdsa {
     version = 2
     send_cert = always
     encap = yes
     unique = replace
     proposals = aes256-sha256-prfsha256-ecp256-modp2048
     pools = pool1
     local {
        id = vpnserver
        certs = vpnserver.crt
     }
     remote {
        auth = eap-tls
        eap_id = %any
     }
     remote {
        auth = mfa
        eap_id = %any
     }
}

I doubt this is possible with the builtin windows or osx clients but maybe with StrongSwan client?