hwdsl2
commented
2 years ago @turbozapekanka Hello! Thank you for your suggestion. Currently, Libreswan (as of version 4.9) does not support IKEv2 EAP MSCHAPV2 authentication, so it is not possible to authenticate using a username and password for IKEv2 mode, only using Machine certificates. This means it would be required to transfer client certificates to the VPN clients. Using letsencrypt/certbot has little benefits in this case.
Would be nice to have letsencrypt / certbot implemented so there is no need to transfer a certificate to the client for IKEv2
Here is an example https://www.howtoforge.com/tutorial/how-to-setup-ikev2-vpn-using-strongswan-and-letsencrypt-on-centos-7/