On Wed, Jan 03, 2018 at 03:11:01AM +0000, Michael Lam wrote: > Hi all, > > Does anyone have experience with using iked with a Windows 10 and EAP > mschap-v2 authentication in a road warrior setup?
You mean Windows 10 connecting as a road warrior to iked? > I tried but it doesn’t work. It always return error saying no local > certificate found. On a side note - Windows seems to report it’s IP address > as peerid. Make sure you load the complete certificate chain for your _local_ iked certifikate to /etc/iked/ca/. This is, so far, required. I have some upcoming diff that removes the requirement to trust all CAs of your local certificate. Patrick > On the OpenBSD side, I am using the latest iked from cvs and a valid > letsencrypt certificate. The resulting server does not have issue with iOS > configuration but never got pass Windows 10. > > The same certififcate works properly with strongswan in a freebsd ikev2 > setup hence server certificate issue can be eliminated. > > Will post logs and config once I am back home. > -- > > Rgds, Michael
