Hi Andreas, > I don't know how to change the client's IKEv2 identity cause the > clients are Windows 7 not StrongSWAN clients.
You can't, Windows always uses the local IP as the IKEv2 identity. There have been rumors that Service Pack 1 brings additional identity options, but I haven't seen anything in the beta. > I doesn't seem to work for smartcards (or at least I don't know how to > make it work). Windows uses machine certificates for plain IKEv2 certificate authentication and user certificates (optionally on a smartcard) with EAP-TLS authentication. It works straight forward with my SuisseID here. I'm no expert in Windows smartcard things, but I think you'll have to make sure the smartcard certificates are loaded into the user certificate store; in my case the tool shipped with the smartcard does this for me. As identity, I use the Microsoft specific UPN subjectAltName contained in my certificate (it is handled as E-Mail on the strongSwan side). Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
