Hi Alex > So if my client is connecting to vpn.york.ac.uk, > the cert that needs installing is vpn.york.ac.uk > ..... swhere /etc/ipsed.d/aacerts /etc/ipsed.d/certs ?
This refers to configuring the certificate in the GUI (in which case only that certificate is loaded the certificates in the CA dir are not). However, "server certificate for IKEv2" != "RADIUS server certificate for EAP-PEAP/TTLS or other TLS based EAP methods". So configuring that certificate won't help you if your RADIUS server still uses an identity that is not contained in the configured certificate. Regards, Tobias
