IIRC from when I looked at this, I was able to have two completely different servers configured on my Win10 client, and it worked correctly. I think the trick is to make sure that each VPN server has a different hostname (duh), and that the VPN SAN keys in the certs contain the FQDN hostname.

From: Tobias Brunner<mailto:[email protected]>
Sent: Monday, February 25, 2019 3:30 AM
To: Tom Rymes<mailto:[email protected]>; [email protected]<mailto:[email protected]>
Subject: Re: [strongSwan] Windows Client - Multiple Connections, Multiple Certs

Hi Tom,

> I do not see anywhere that I
> can specify which certificate the client should use for a given connection.

I think you can only do that with EAP-TLS (i.e. not with machine certificates) where you might actually get prompted for a certificate if there are multiple and the advanced VPN options (via adapter options on Windows 10) even provide a setting to pre-select a specific certificate to use (via issuer/CA and/or EKU).

Regards,
Tobias
