[strongSwan] Windows Client - Multiple Connections, Multiple Certs

bls s bls3427 at outlook.com
Mon Feb 25 15:07:12 CET 2019

IIRC from when I looked at this, I was able to have two completely different servers configured on my Win10 client, and it worked correctly. I think the trick is to make sure that each VPN server has a different hostname (duh), and that the VPN SAN keys in the certs contain the FQDN hostname.

From: Tobias Brunner<mailto:tobias at strongswan.org>
Sent: Monday, February 25, 2019 3:30 AM
To: Tom Rymes<mailto:trymes at rymes.com>; users at lists.strongswan.org<mailto:users at lists.strongswan.org>
Subject: Re: [strongSwan] Windows Client - Multiple Connections, Multiple Certs

Hi Tom,

> I do not see anywhere that I
> can specify which certificate the client should use for a given connection.

I think you can only do that with EAP-TLS (i.e. not with machine
certificates) where you might actually get prompted for a certificate if
there are multiple and the advanced VPN options (via adapter options on
Windows 10) even provide a setting to pre-select a specific certificate
to use (via issuer/CA and/or EKU).


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190225/5aba95ca/attachment.html>

More information about the Users mailing list