o.k. so guess I'll build a freeradius server on the SSwan VPN box using vpn.york.ac.uk cert and then proxy stuff to the mail auth service A
On 4 December 2017 at 10:31, Tobias Brunner <[email protected]> wrote: > Hi Alex > > > So if my client is connecting to vpn.york.ac.uk, > > the cert that needs installing is vpn.york.ac.uk > > ..... swhere /etc/ipsed.d/aacerts /etc/ipsed.d/certs ? > > This refers to configuring the certificate in the GUI (in which case > only that certificate is loaded the certificates in the CA dir are not). > However, "server certificate for IKEv2" != "RADIUS server certificate > for EAP-PEAP/TTLS or other TLS based EAP methods". So configuring that > certificate won't help you if your RADIUS server still uses an identity > that is not contained in the configured certificate. > > Regards, > Tobias >
