On Thu, Apr 09, 2026 at 12:20:05AM +0300, Alex Mihajlov wrote:
> On 08/04/2026, Tobias Heider wrote:
> >
> > We don't support mschapv2 as a client. It really mostly
> > exists for Windows client support since they don't offer
> > much else.
> >
> > For every other client I would recommend using public key
> > authentication or PSK if you trust all clients.
> > Certs are also an option but the initial configuration is a
> > little more complicated.
>
> But what about when you need to authenticate Windows
> and OpenBSD clients that come from the Internet
> on the same iked server?
>
> So far, I can only think of individual iked daemons,
> but maybe there is a more elegant solution?

You can simply put multiple ikev2 blocks into your server iked.conf.
It could look something like:

user 'user' 'password'

ikev2 'responder_eap' passive esp \
    from any to dynamic \
    local X.X.X.X peer any \
    srcid server1-eap \
    eap "mschap-v2" \
    config address 10.0.5.0/24 \
    config name-server 192.0.2.1

ikev2 'responder_psk' passive esp \
    from any to dynamic \
    local X.X.X.X peer any \
    srcid server1-psk \
    psk "preshared123!" \
    config address 10.0.5.0/24 \
    config name-server 192.0.2.1

>
> --
> Best regards, Alexander Mihajlov.