IKEv2 with EAP-RADIUS

To setup IKEv2 with EAP-RADIUS, follow the directions for IKEv2 with EAP-MSCHAPv2 with a slight variation:

• Define a RADIUS server under System > User Manager, Servers tab before starting

• Select the RADIUS server on VPN > IPsec, Mobile Clients tab

• Select EAP-RADIUS for the Authentication method on the Mobile IPsec Phase 1 entry

Note: When using Windows 7 as a client, be sure to import the CA Certificate from the VPN server as a machine certificate under “Computer Account” as described here.

EAP-RADIUS with FreeRADIUS

The default settings are OK for this, if not, see Using EAP and PEAP with FreeRADIUS

EAP-RADIUS with Windows Network Policy Server (NPS)

To allow strongSwan to authenticate against NPS using EAP-MSCHAPv2, alter the NPS policy as follows:

• Open Network Policy Server (NPS)

• Expand Policies

• Click Network Policies

• Edit the policy currently in use

• Click on the Constraints tab

• Click Authentication Methods

• Click Add

• Select Microsoft: Secured Password (EAP-MSCHAP v2)

• Click OK

• Click Apply (To restart NPS)

• Click OK