Hi all, I'm using Debian GNU/Linux 9.2 (stretch) with standard strongswan package from stretch apt repository (5.5.1-4+deb9u1).
The tunnel is a ikev2 with eap-radius authentication. I'm facing the problem that Windows 10 clients doesn't send their right identity. Linux and Android clients works great instead, they always request the connections with the correct eap_identity as we expect to be. The problem is that if the Windows client fails its identity it will take a dinamic virtual ip and not the static one, configured for it. I also read about attr_sql and the possibility to fix the ip assignment in a second time, via sql. I'd like also to play with it but, I installed all of the strongswan/charon packages, they are all here: libstrongswan libstrongswan-extra-plugins libstrongswan-standard-plugins network-manager-strongswan strongswan strongswan-charon strongswan-ike strongswan-ikev1 strongswan-ikev2 strongswan-libcharon strongswan-nm strongswan-pki strongswan-scepclient strongswan-starter strongswan-swanctl charon-cmd charon-systemd libcharon-extra-plugins strongswan-charon strongswan-libcharon But I cannot see the attr_plugin loaded and running, with the command: ipsec listplugins attr_sql could be a good solution, the goal is to configure a Windows 10 that correctly presents itself with its proper identity, instead of its WAN IP as 192.168.3.44: 04[CFG] looking for peer configs matching 110.7.6.173[%any]...11.74.200.151[192.168.3.44] 04[CFG] selected peer config 'ike2-eap-radius' The same account, using nm-strongswan or charon-cmd, works great with Linux, the identity (Frank) is there: 15[CFG] looking for peer configs matching 110.7.6.173[%any]...11.74.200.151[Frank] 15[CFG] selected peer config 'ike2-eap-Frank' I'm also sure that this problem should be well know in Windows 10 clients, it looks so standard! Any suggestions would be very appreciated