Hi Tobias,
we are using radius authentication with user certificates.
rightauth=eap-radius
rightgroups="VPN_Verw"
"VPN_Verw" is the Radius Class-Attribut.
Regards,
Stephan
-----Ursprüngliche Nachricht-----
Von: Tobias Brunner <tob...@strongswan.org>
Gesendet: Donnerstag, 17. Januar 2019 15:26
An: Hendl Stephan <stephan.he...@landtag.brandenburg.de>;
'users@lists.strongswan.org' <users@lists.strongswan.org>
Betreff: Re: [strongSwan] problem with identical local peers addresses of two
clients
Hi Stephan,
> we’ve two windows 10 clients which got the identical IP-address from
> their dsl router at home. Now they are fighting against each other in
> catching the vpn tunnel. Is there a way to fix that beside reconfiguring
> the home router?
What type of authentication are you using? It seems the SAs are deleted
based on the IKE identity (which apparently is the private IP address
here). Using a different authentication method might force Windows to
use the actual identity of the user/certificate and not the IP address.
Regards,
Tobias
