[Swan] IKEv2 PAM auth failure - how it's done properly?
mx2927 at gmail.com
Fri Jan 21 15:52:23 EET 2022
On 1/20/2022 10:08 AM, Mirsad Goran Todorovac wrote:
> I have installed the IKEv2 VPN connection at my colleague's laptop and
> he disappointingly noticed that there is no password authentication in
> addition to certificate.
> This is also akward because we would have to change all certificates if
> i.e. one laptop configured for the Faculty VPN was lost or stolen. :-(
I don't think this is right. The certificate system (in general, not
libreswan's specifically) is explicitly designed so that you don't have
to do that.
Ref CRL (Certificate Revocation List).
More information about the Swan