Hello, To quote your page [1] "With IKEv2 it is possible to use multiple authentication rounds", could this be PSK and eap-mschapv2 and do you have a configuration that would match that method? My current configuration looks like the below.
The clients are OSX and Windows native clients so I am curious if it will work. connections { radius { version = 2 send_cert = always encap = yes pools = pool1 unique = replace proposals = aes256-sha256-prfsha256-ecp256-modp2048 local { # the id must be contained in the certificate, either as subject or as subjectAltName. id = ${FQDN} certs = cert.pem } remote { auth = eap-radius eap_id = %any } children { child_sa_1 { #esp_proposals = local_ts = ${LOCALCIDR} } } } } [1] https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics <https://wiki.strongswan.org/projects/strongswan/wiki/IntroductiontostrongSwan#Authentication-Basics> Kind regards, Christian Salway IT Consultant - Naimuri T: +44 7463 331432 E: christian.sal...@naimuri.com A: Naimuri Ltd, Capstan House, Manchester M50 2UW