[strongSwan] Help! I can't configure Windows 10 to send remote id (leftid) for IKEv2

Christian Salway christian.salway at naimuri.com
Wed Sep 26 01:29:33 CEST 2018


You can set the ID in Windows 10; if you go through the options for the connection, you will see it. Not near a computer, otherwise I’d get you the instructions.

> On 26 Sep 2018, at 02:30, bls s <bls3427 at outlook.com> wrote:
> 
> I'm curious about this as well. From my work on pistrong (see elsewhere), it looks to me like Windows doesn't have a way to send an ID that you can use for matching. I haven't tried this, but you might be able to make it work by using a separate "VPN certificate" for the Windows connection that has an altname in it corresponding to a secondary DNS name for your server. You can then have Windows connect to the secondary DNS name and, in theory, it would eventually match that connection.
> 
> Again, just a theory, I'm definitely interested in other approaches to solving this.
>  
> From: Users <users-bounces at lists.strongswan.org> on behalf of Marwan Khalili <choklad_321 at hotmail.com>
> Sent: Tuesday, September 25, 2018 7:47 AM
> To: users at lists.strongswan.org
> Subject: [strongSwan] Help! I can't configure Windows 10 to send remote id (leftid) for IKEv2
>  
> Hello,
> 
> I have a strongSwan server running with the ipsec.conf pasted below. 
> 
> The clients are using Windows 10 and macOS and they must be able to choose a connection. I am trying to separate the connections using "leftid" with different subdomains for each connection (e.g. vpn1.example.org, vpn2.example.org).
> 
> My solution below works in macOS by matching "Remote ID" with the appropriate "leftid"; however, I can't get it to work in Windows 10.
> 
> I am very grateful for any help or ideas on how I can solve this.
> 
> 
> ipsec.conf
> --------------
> conn %default
>   auto=add
>   dpdaction=clear
>   dpddelay=180s
>   eap_identity=%any
>   esp=aes256-sha256,aes256-sha1,3des-sha1!
>   forceencaps=yes
>   ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
>   keyexchange=ikev2
>   leftcert=cert.pem
>   leftsendcert=always
>   rightauth=eap-mschapv2
>   rightsendcert=never
> 
> conn conn1
>   left=%any
>   leftid=@vpn1.example.org
>   leftsubnet=0.0.0.0/0
>   right=%any
>   rightid=%any
>   rightdns=8.8.8.8,8.8.4.4
>   rightsourceip=10.10.10.1/24
> 
> conn conn2
>   left=%any
>   leftid=@vpn2.khalili.xyz
>   leftsubnet=0.0.0.0/0
>   right=%any
>   rightid=%any
>   rightdns=8.8.8.8,8.8.4.4
>   rightsourceip=10.10.10.2/24
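
An added example, not part of the thread and not strongSwan code: a small Python check that parses an ipsec.conf-style file and reports conns that are identical on every selector except leftid, so they can only be told apart by the responder identity the client requests, which is the situation in the original question. The sample config is constructed with placeholder hostnames, and the SELECTORS list is an assumption made for this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the ipsec.conf in the post (hostnames are placeholders).
SAMPLE = """\
conn %default
  keyexchange=ikev2
  leftcert=cert.pem
  rightauth=eap-mschapv2

conn conn1
  left=%any
  leftid=@vpn1.example.org
  right=%any
  rightsourceip=10.10.10.1/24

conn conn2
  left=%any
  leftid=@vpn2.example.org
  right=%any
  rightsourceip=10.10.10.2/24
"""

# Options compared when deciding whether two conns look alike (assumed set for this example).
SELECTORS = ("keyexchange", "left", "right", "rightid", "rightauth", "leftcert")

def parse_conns(text):
    """Return {name: options} with conn %default merged into every conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)$", line)   # section headers start in column 0
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = sections.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in sections.items()}

def leftid_only_groups(conns):
    """Group conns that match on every selector and differ only in leftid."""
    groups = defaultdict(list)
    for name, opts in conns.items():
        groups[tuple(opts.get(k) for k in SELECTORS)].append((name, opts.get("leftid")))
    return [g for g in groups.values() if len(g) > 1 and len({i for _, i in g}) > 1]

for group in leftid_only_groups(parse_conns(SAMPLE)):
    print("distinguished only by leftid:", group)
```
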