Yes, Windows 10 as road warrior, with ms-chapv2 authentication. That means on the server side I have a certificate, and the client side uses a username and password.

My config works with my iPhone as road warrior, but not Windows 10. I will try to post the logs for both as soon as I can. Kinda strange; I think it has something to do with how Windows offers the proposal or peerid.

On Mon, 8 Jan 2018 at 6:13 AM, Patrick Wildt <patr...@blueri.se> wrote:

> On Wed, Jan 03, 2018 at 03:11:01AM +0000, Michael Lam wrote:
> > Hi all,
> >
> > Does anyone have experience with using iked with a Windows 10 and EAP
> > mschap-v2 authentication in a road warrior setup?
>
> You mean Windows 10 connecting as a road warrior to iked?
>
> > I tried but it doesn’t work. It always returns an error saying no local
> > certificate found. On a side note - Windows seems to report its IP address
> > as peerid.
>
> Make sure you load the complete certificate chain for your _local_ iked
> certificate to /etc/iked/ca/. This is, so far, required. I have some
> upcoming diff that removes the requirement to trust all CAs of your
> local certificate.
>
> Patrick
>
> > On the OpenBSD side, I am using the latest iked from cvs and a valid
> > letsencrypt certificate. The resulting server does not have issue with iOS
> > configuration but never got past Windows 10.
> >
> > The same certificate works properly with strongswan in a freebsd ikev2
> > setup hence server certificate issue can be eliminated.
> >
> > Will post logs and config once I am back home.
> > --
> >
> > Rgds, Michael
>

--
Rgds, Michael