[strongSwan] Combined auth methods for IKEv2?
Tobias Brunner
tobias at strongswan.org
Wed Jul 14 09:39:20 CEST 2021
Hi Brent,
> remote {
> auth = pubkey
> id = O=FooBar (https://foobar.tld/), OU=nodes, CN=*
> cacerts = /etc/pki/ca-trust/source/anchors/FooBar_CA.pem,/etc/pki/ca-trust/source/anchors/FooBar_Intermediate.pem
> round = 0
> }
> remote {
> auth = eap-radius
> eap_id = %any
> round = 1
> }
This won't work. The two "remote" sections get merged together, while
the latter overrides existing key/value pairs, so you end up with:
> remote {
> auth = eap-radius
> id = O=FooBar (https://foobar.tld/), OU=nodes, CN=*
> cacerts = /etc/pki/ca-trust/source/anchors/FooBar_CA.pem,/etc/pki/ca-trust/source/anchors/FooBar_Intermediate.pem
> eap_id = %any
> round = 1
> }
Make sure to name these sections differently (the actual name doesn't
matter as long as they start with "remote", so "remote-1/2" works as well
as "remote-pubkey/eap").
Regards,
Tobias
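
The merge described in this reply can be checked for before a config is loaded. The following is an added example, not part of the original message and not strongSwan's own parser: a simplified line-based model of the merge that also reports repeated section names. The names `parse` and `SAMPLE` are hypothetical, and the input is constructed from the quoted config.

```python
import re

# Constructed input: the two same-named sections from the quoted config.
SAMPLE = """\
remote {
    auth = pubkey
    id = O=FooBar (https://foobar.tld/), OU=nodes, CN=*
    round = 0
}
remote {
    auth = eap-radius
    eap_id = %any
    round = 1
}
"""

def parse(text):
    """Return (tree, duplicates) for a swanctl.conf-style fragment.

    Simplified line-based model (one statement per line, '#' comment lines):
    a repeated section name is merged into the first section and later keys
    override earlier ones, as the reply describes.
    """
    root, duplicates = {}, []
    stack = [(root, "")]            # (section dict, dotted path)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opener = re.fullmatch(r"([^\s={}]+)\s*\{", line)
        if opener:
            parent, path = stack[-1]
            name = opener.group(1)
            full = f"{path}.{name}" if path else name
            if isinstance(parent.get(name), dict):
                duplicates.append(full)   # would be silently merged
            else:
                parent[name] = {}
            stack.append((parent[name], full))
        elif line == "}":
            if len(stack) > 1:
                stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][0][key.strip()] = value.strip()
    return root, duplicates

if __name__ == "__main__":
    tree, dups = parse(SAMPLE)
    print("merged:", tree)
    print("duplicate sections:", dups)
```

A non-empty duplicates list means an authentication round was overwritten rather than added, which here leaves only the eap-radius round configured.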