Hi Guys, I have searched through the forum and through google but cant seem to get any tutorial setting up IKEv2 EAP with Freeradius for roadwarrior setup
I used this https://wiki.mikrotik.com/wiki/Manual:Wireless_EAP-TLS_using_RouterOS_with_FreeRADIUS to try and figure out how to setup EAP within Freeradius .
I created 3 Certificates and copied the radius cert and CA cert in the suggested folders and edit the eap config file as indicated on the above link
Here is my Tik IKEv2 config
/ip ipsec mode-config
add address-pool=ikev2-client-pool address-prefix-length=32 name=Mode-test split-include=0.0.0.0/0 static-dns=10.14.254.1 system-dns=no
/ip ipsec policy group
add name=group-test
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128,3des hash-algorithm=sha256 name=profile-test
/ip ipsec peer
add exchange-mode=ike2 name=peer-test passive=yes profile=profile-test
/ip ipsec proposal
add auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm,3des name=proposal-test pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=servercert generate-policy=port-strict match-by=certificate mode-config=Mode-test peer=peer-test policy-template-group=group-test remote-certificate=emailaddress remote-id=fqdn:emailaddress
/ip ipsec policy
add dst-address=10.14.254.0/24 group=group-test proposal=proposal-test src-address=0.0.0.0/0 template=yes
/ip ipsec settings
set interim-update=1m xauth-use-radius=yes
Can someone please point me into the right direction , PS. I did get auth-method=digital-signature to work by adding the cert to strongswan client on android also on Win 10 IKEv client, but i want to use my Radius and supply username and passwords