[strongSwan] problem with identical local peers addresses of two clients

Tobias Brunner tobias at strongswan.org
Fri Jan 18 12:19:57 CET 2019


Hi Stephan,

> we are using radius authentication with user certificates. 

With EAP (EAP-TLS in your case) Windows insists on using the local IP
address as IKE identity.  Unfortunately, that identity won't change when
RADIUS is used (even if the RADIUS server does an EAP-Identity
exchange).  Did you try if it makes a difference if you let the IKE
daemon do an EAP-Identity exchange first (configure eap_identity=%any)?

Regards,
Tobias


More information about the Users mailing list