Hi Michael, > no. the problem was that in the destict TNC documentation > > https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect > and > the links in this site there is no mentioning switching off > multiple_authentication in charon.conf: > > multiple_authentication = no > > It is included in the documention web sites you mentioned. But searching for > "strongswan tnc" give the above mentioned website on top.
As Andreas wrote at [1] too, that option does not have to be disabled for TNC or mutual EAP to work. In fact, the ikev2/rw-eap-ttls-only scenario mentioned by Martin completes just fine without disabling multiple authentication rounds. If you have proof otherwise, please extend the bug report you opened. Regards, Tobias [1] https://wiki.strongswan.org/issues/822 _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users