Sunday, January 07, 2018

Re: iked with Windows 10 MS-ChapV2

On Wed, Jan 03, 2018 at 03:11:01AM +0000, Michael Lam wrote:
> Hi all,
>
> Does anyone have experience with using iked with a Windows 10 and EAP
> mschap-v2 authentication in a road warrior setup?

You mean Windows 10 connecting as a road warrior to iked?

> I tried but it doesn't work. It always returns an error saying no local
> certificate found. On a side note - Windows seems to report its IP address
> as peerid.

Make sure you load the complete certificate chain for your _local_ iked
certificate to /etc/iked/ca/. This is, so far, required. I have some
upcoming diff that removes the requirement to trust all CAs of your
local certificate.

Patrick

> On the OpenBSD side, I am using the latest iked from cvs and a valid
> letsencrypt certificate. The resulting server does not have an issue with iOS
> configuration but never got past Windows 10.
>
> The same certificate works properly with strongswan in a freebsd ikev2
> setup hence server certificate issue can be eliminated.
>
> Will post logs and config once I am back home.
> --
>
> Rgds, Michael
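
One way to check the advice above, that the complete chain of the local certificate is present in /etc/iked/ca/ (an added example, not part of the original thread and not iked's own code). It assumes the `openssl` command-line tool and PEM files; the function names `dn` and `check_chain` are hypothetical, and it uses openssl's verification as a stand-in for iked's check.

```shell
#!/bin/sh
# Added example: check that every CA in a certificate's issuer chain,
# up to the self-signed root, is present in a CA directory.
# Function names are hypothetical; only the openssl CLI is used.

# dn subject|issuer FILE: print that DN of a PEM certificate.
dn() {
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# check_chain CERT CADIR: return 0 only if the chain is complete and verifies.
check_chain() {
    cert=$1 cadir=$2 depth=0
    # Walk upwards until a self-signed certificate (subject == issuer).
    while [ "$(dn subject "$cert")" != "$(dn issuer "$cert")" ]; do
        want=$(dn issuer "$cert") next=
        for ca in "$cadir"/*; do
            [ -f "$ca" ] || continue
            if [ "$(dn subject "$ca" 2>/dev/null)" = "$want" ]; then
                next=$ca
                break
            fi
        done
        if [ -z "$next" ]; then
            echo "missing CA in $cadir: $want" >&2
            return 1
        fi
        cert=$next
        depth=$((depth + 1))
        if [ "$depth" -gt 10 ]; then
            echo "chain longer than 10 certificates, giving up" >&2
            return 1
        fi
    done
    # Name matching is only a hint: have openssl verify the signatures,
    # trusting exactly the files in CADIR.
    bundle=$(mktemp) || return 1
    cat "$cadir"/* > "$bundle" 2>/dev/null
    if openssl verify -CAfile "$bundle" "$1" 2>/dev/null | grep -q ': OK$'; then
        rc=0
    else
        rc=1
    fi
    rm -f "$bundle"
    return $rc
}

# Usage: sh check_chain.sh /path/to/local-cert.pem /etc/iked/ca
if [ $# -eq 2 ]; then check_chain "$1" "$2"; fi
```

A "missing CA" line names the issuer that still has to be copied into the directory, which is typically the root when only the server certificate and its intermediate were installed.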
