Issue #628
Windows Phone 8.1 - Certificate Pattern Matching
Description
Hi,
I'm currently investigating the use of Windows Phone 8.1 for an enterprise solution.
I've managed to configure Strongswan to accept the connection EAP-TLS and certificate authentication.
However I'm not able to use a pattern matching to ensure the device connection is allocated to the correct profile.
With Apple IKEv1 & Android IKEv2 connections, the rightid="C=*,..." pattern can be used.
As the windows phone presents the certificate as part of the EAP process it seems the certificate information is defined as the rightid.
Is there a configuration item that could be used to match the certificate when presented from an EAP-TLS connection ?
Thanks
Jason
Related issues
History
#1 Updated by Martin Willi over 6 years ago
Jason,
Is there a configuration item that could be used to match the certificate when presented from an EAP-TLS connection ?
No, connection matching based on the EAP-Identity or EAP method username is currently not supported. The upcoming 5.2.0 can handle late configuration switching based on the XAuth identity in IKEv1, but this does not apply for IKEv2 EAP.
Regards
Martin
#2 Updated by Jason Kershaw over 6 years ago
Hi Martin,
Many thanks for the quick response.
Follow up question :
Is it feasible for EAP late configuration switching and just not implemented/developed as yet, or is this not possible ?
I know which I think it is, but would just like confirmation.
Thanks
Jason
#3 Updated by Martin Willi over 6 years ago
Is it feasible for EAP late configuration switching and just not implemented/developed as yet, or is this not possible ?
It is theoretically possible, but non-trivial to implement.
Regards
Martin
#4 Updated by Tobias Brunner over 5 years ago
- Has duplicate Issue #979: Windows 7+ / Windows Phone RWs with statically assigned IPs added
#5 Updated by Tobias Brunner over 5 years ago
- Related to Feature #1057: conn switching based on eap identity added