It is only possible to establish that connection while using the PSK for machine authentication and username/password for user authentication.
Both, the machine authentication and the user authentication, does not work with the certificates. I also get a woking L2TP/IPSec connection, but I was not able to implement a certificate based authentication for server nor clients as well. But if the VPN server is a Linux strongSwan too, the RADIUS server EAP-TLS authentication works perfectly. That behaviour of the ZyWall is the same with the Linux Strongswan VPN-Client. The RADIUS server successful authenticate the client and give that response to the ZyWall but after that, the ZyWall does not anything with that, so the client get no response and no connection can be established. If I do not activate EAP, other clients such Linux strongSwan are able to connect by a certification based authentication but not the MacOS built-in VPN-Client.Īfter that I tried to use a RADIUS server to authenticate the EAP-TLS request from the MacOS VPN-Client to bypass the not supported EAP-TLS. For client authentication I have to use EAP-MSCHAPv2, because the ZyWall do not supports EAP-TLS. IKEv2, which is preferred by me to use in the further network configuration, works and the server is able to authenticate itself by a certificate. My goal is to use client certificates issued by a self-created certification authority to authenticate the clients.
That's not what I want since such authentications are vulnerable by dictionary and brute force attacks. So far I was able to get successful connections with IKEv2 and L2TP/IPSec, but all of them use a username/password client authentication. I'm using a Zyxel ZyWall 110 and I want to establish a client-to-side VPN connection to the ZyWall by using the built-in VPN-Client from MacOS 10.14.6 (Mojave).
0 kommentar(er)
