[Swan] win10 (/ win11?) client user certs instead of machine
Paul Wouters
paul at nohats.ca
Thu Feb 1 01:04:29 EET 2024
On Wed, 31 Jan 2024, Marc wrote:
> Subject: [Swan] win10 (/ win11?) client user certs instead of machine
>
> Is there a way to setup libreswan[1] in such a way it matches more windows defaults.
>
> Currently I have to distribute some powershell scripts that set "Use machine certificates" (standard.png). However it would be nicer if this eap could be enabled and use the user? certificates (eap.png)
Yes. EAP-TLS is supported. Test cases that show configuration:
https://github.com/libreswan/libreswan/blob/main/testing/pluto/interop-ikev2-eaptls-strongswan-client/east.conf
Paul
More information about the Swan
mailing list