Is there a way to have two factor authentication with the first being certificate?
Something like: connections { ecdsa { version = 2 send_cert = always encap = yes unique = replace proposals = aes256-sha256-prfsha256-ecp256-modp2048 pools = pool1 local { id = vpnserver certs = vpnserver.crt } remote { auth = eap-tls eap_id = %any } remote { auth = mfa eap_id = %any } } I doubt this is possible with the builtin windows or osx clients but maybe with StrongSwan client?