Hello,
I've been using IKEv2 with EAP‑TLS for years (not OPNsense but vanilla FreeBSD with strongSwan) and have seen various odd issues, all of which were client issues.
On iOS and other Apple operating systems, these problems are often due to Apple's strict certificate requirements, for example:
- certain certificate extensions must be marked as critical
- client certificates may fail if their lifetime exceeds one or two years (I don't remember, but currently I use 365 days for server and client certs)