Issue #628

Windows Phone 8.1 - Certificate Pattern Matching

Added by Jason Kershaw over 6 years ago. Updated over 6 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Affected version: 5.1.3
Resolution:

Description

Hi,

I'm currently investigating the use of Windows Phone 8.1 for an enterprise solution.
I've managed to configure strongSwan to accept the connection EAP-TLS and certificate authentication.

However, I'm not able to use pattern matching to ensure the device connection is allocated to the correct profile.

With Apple IKEv1 & Android IKEv2 connections, the rightid="C=*,..." pattern can be used.
As the Windows Phone presents the certificate as part of the EAP process, it seems the certificate information is defined as the rightid.

Is there a configuration item that could be used to match the certificate when presented from an EAP-TLS connection?

Thanks
Jason


Related issues

Related to Feature #1057: conn switching based on eap identity (New, 06.08.2015)
Has duplicate Issue #979: Windows 7+ / Windows Phone RWs with statically assigned IPs (Closed, 01.06.2015)

History

#1 Updated by Martin Willi over 6 years ago

Jason,

> Is there a configuration item that could be used to match the certificate when presented from an EAP-TLS connection?

No, connection matching based on the EAP-Identity or EAP method username is currently not supported. The upcoming 5.2.0 can handle late configuration switching based on the XAuth identity in IKEv1, but this does not apply for IKEv2 EAP.

Regards
Martin

#2 Updated by Jason Kershaw over 6 years ago

Hi Martin,

Many thanks for the quick response.
Follow-up question:
Is it feasible for EAP late configuration switching and just not implemented/developed as yet, or is this not possible?

I know which I think it is, but would just like confirmation.

Thanks
Jason

#3 Updated by Martin Willi over 6 years ago

> Is it feasible for EAP late configuration switching and just not implemented/developed as yet, or is this not possible?

It is theoretically possible, but non-trivial to implement.

Regards
Martin

#4 Updated by Tobias Brunner over 5 years ago

  • Has duplicate Issue #979: Windows 7+ / Windows Phone RWs with statically assigned IPs added

#5 Updated by Tobias Brunner about 5 years ago

  • Related to Feature #1057: conn switching based on eap identity added
