[strongSwan] eap auth with 5.8 - how?
Tobias Brunner
tobias at strongswan.org
Mon May 11 13:43:07 CEST 2020
Hi,
> Having only:
>
> remote {
>     certs = "remote.fqdn.crt"
>     auth = "pubkey"
> }
>
> does not help.
Again, not the same thing as configuring %any as remote identity (there
is a fallback to the certificate's subject identity if a certificate but
no identity is configured - and that identity is sent to the peer, which
might not like it, so you should perhaps later check what identity it
actually returns and configure that).
> Trying: 'mode=tunnel' also fails.
That will only have an effect after the authentication.
> Also, I'm not sure how to translate this (in case it's critical)
>
> leftfirewall=yes
Whether it's critical depends on your firewall config. See [1] for
notes on migrating from ipsec.conf to swanctl.conf.
Regards,
Tobias
[1] https://wiki.strongswan.org/projects/strongswan/wiki/fromipsecconf