I'm trying to set up strongSwan with pubkey and EAP authentication. To log in, users need to have a certificate and valid credentials.
My certificate is OK. I tested pubkey auth and it was OK, and EAP is also working, but when I try to run these two auth methods at the same time I have an auth error.
I tested this on Win7 and on Android (strongSwan client).
How can I set this up? Is it possible at all?
#ipsec.conf
rightauth=pubkey
rightauth2=eap-mschapv2
#ipsec.secrets
username : EAP "password"
ver. strongSwan U5.3.5/K4.4.0-116-generic
Best Answer
Using two (or more) authentication methods in IKEv2 requires support for RFC 4739.
Unfortunately, a lot of clients don't support this, for instance, the built-in IKEv2 clients in Windows and macOS/iOS.
But combining certificate and username/password-based client authentication should work with the strongSwan Android app, if the client profile is configured appropriately ("IKEv2 Certificate + EAP (Username/Password)" is the VPN type to select there).
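A way to check from the server side which clients can do this, as an added example that is not part of the original answer: under RFC 4739 the initiator announces support with a MULTIPLE_AUTH_SUPPORTED notify in its first IKE_AUTH request. The sketch assumes charon's usual NET/ENC log lines, where that notify is abbreviated `N(MULT_AUTH)`; the log excerpt and the function name are constructed for illustration.

```python
import re

# Constructed charon log excerpt (documentation address ranges), modelled on
# strongSwan's NET/ENC lines. Assumption: charon prints the RFC 4739
# MULTIPLE_AUTH_SUPPORTED notify as N(MULT_AUTH).
SAMPLE_LOG = """\
05[NET] received packet: from 198.51.100.7[500] to 192.0.2.1[500] (716 bytes)
05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
07[NET] received packet: from 198.51.100.7[4500] to 192.0.2.1[4500] (1236 bytes)
07[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
08[NET] received packet: from 198.51.100.7[4500] to 192.0.2.1[4500] (484 bytes)
08[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
08[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(MULT_AUTH) N(EAP_ONLY) ]
09[NET] received packet: from 203.0.113.20[4500] to 192.0.2.1[4500] (1580 bytes)
09[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CPRQ(ADDR DNS) SA TSi TSr ]
"""

NET_RE = re.compile(r"(\d+)\[NET\] received packet: from (\S+?)\[\d+\]")
ENC_RE = re.compile(r"(\d+)\[ENC\] parsed IKE_AUTH request 1 \[ (.*) \]")


def multi_auth_support(log_text):
    """Map peer address -> whether its first IKE_AUTH request had N(MULT_AUTH)."""
    last_peer = {}  # charon thread id -> peer of the last packet it received
    result = {}
    for line in log_text.splitlines():
        m = NET_RE.search(line)
        if m:
            last_peer[m.group(1)] = m.group(2)
            continue
        m = ENC_RE.search(line)
        if not m:
            continue  # other exchanges (IKE_SA_INIT, later EAP rounds) are ignored
        payloads = m.group(2).split()
        if payloads and all(p.startswith("EF(") for p in payloads):
            continue  # IKEv2 fragment; the reassembled message is logged afterwards
        peer = last_peer.get(m.group(1), "unknown")
        result[peer] = "N(MULT_AUTH)" in payloads
    return result


if __name__ == "__main__":
    for peer, ok in multi_auth_support(SAMPLE_LOG).items():
        print(f"{peer}: {'announces' if ok else 'does not announce'} RFC 4739 support")
```

A peer reported as not announcing support cannot complete a `rightauth`/`rightauth2` connection, whatever the server configuration.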