Have been trying to setup and test a VPN using certificates and IKEv2 following the road warrior in the wiki, substituted address 2.2.2.2 to 192.168.88.1 and the dhcp profile to .88. range.
All fine after setup but Win 10 says “a certificate could not be found to use with this EAP”, as far as I know I am not using EAP, should be certificate and IKEv2 as per the VPN setup on the Win side, a quick Google found that adapter settings on the VPN entry it is set to EAP by default and you need to change it to certificate, that gets me to this stage:.
20:13:40 ipsec,info new ike2 SA (R): 192.168.88.1[500]-192.168.88.254[500] spi:72fd7b8a0a6ce340:b135d679ab9e0dc4
20:13:40 ipsec,info peer authorized: 192.168.88.1[4500]-192.168.88.254[4500] spi:72fd7b8a0a6ce340:b135d679ab9e0dc4
20:13:40 ipsec,info acquired 192.168.88.9 address for 192.168.88.254, 192.168.88.1
20:13:40 ipsec,error no policy found/generated
20:13:40 ipsec,info releasing address 192.168.88.9
One thing I notice is that, although I set Certificate as the sign in the profile reverts to “General Authentication method” and will not save as certificate, powershell does show certificate:
Name : x
ServerAddress : 192.168.88.1
AllUserConnection : False
Guid : {238FD33F-739F-44D0-AC05-FAD03AB9E954}
TunnelType : Ikev2
AuthenticationMethod : {MachineCertificate}
EncryptionLevel : Required
L2tpIPsecAuth :
UseWinlogonCredential : False
EapConfigXmlStream :
ConnectionStatus : Disconnected
RememberCredential : True
SplitTunneling : True
DnsSuffix :
IdleDisconnectSeconds : 0
If anyone has an example setup I’d be grateful as I am probably making mistakes…two days worth of them, persistent for sure.