As an outfit that has always worked on a full Windows stack, we now want to introduce our first Macs into our office for a proof of concept. Our VPN solution is also based on the Windows VPN server (RRAS with NPS), and while I can connect the Mac to it using L2TP with the user password and a preshared key for machine authentication, we would like to get the authentication done with certificates. However, when I set the machine certificate, I can see in the ppp log on the Mac a failure while establishing the IPsec tunnel. If I allow the machine authentication with the preshared key and attempt the user authentication with a certificate, I get a failure upon user authentication. Depending on the settings on the NPS server, the server will expect either PEAP (type 25) or MS-EAP (type 26) authentication, while the Mac refuses these and sends a NAK requesting EAP-TLS (type 13), which the Windows server does not offer. This is visible in the ppp log on the Mac, while the Windows event viewer on the NPS server simply indicates that an unsupported EAP type was used.

Is there any way to make these two connect with each other, with at least one of the authentications getting completed by certificate?
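The method negotiation described in the question (server proposes PEAP or MS-EAP, the Mac answers with a Legacy NAK asking for EAP-TLS, the server gives up) can be reproduced in a few lines, which helps when reading the ppp log or the NPS event. The following is an added example, not code from the poster or from either vendor; the EAP packet layout (Code, Identifier, Length, Type, Type-Data) and the type numbers (Identity 1, Nak 3, EAP-TLS 13, PEAP 25, EAP-MSCHAPv2 26) are from RFC 3748 and the IANA EAP registry, and the `negotiate` function is a simplified model of the server side, not NPS's actual code.

```python
"""Model of EAP method negotiation between an authenticator (NPS) and a peer (macOS).

Packet format (RFC 3748): Code(1) | Identifier(1) | Length(2) | Type(1) | Type-Data.
A Legacy Nak (Type 3) carries, in Type-Data, the list of types the peer is willing to use.
"""
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_NAK, TYPE_TLS, TYPE_PEAP, TYPE_MSCHAPV2 = 1, 3, 13, 25, 26
TYPE_NAMES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}


def encode_eap(code, identifier, eap_type=None, type_data=b""):
    """Build one EAP packet; Success/Failure carry no Type byte."""
    body = b"" if eap_type is None else bytes([eap_type]) + bytes(type_data)
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def decode_eap(pkt):
    """Parse an EAP packet, validating the Length field against the real size."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP Length field does not match packet size")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return {"code": code, "id": identifier, "type": None, "data": b""}
    if length < 5:
        raise ValueError("Request/Response must carry a Type byte")
    return {"code": code, "id": identifier, "type": pkt[4], "data": bytes(pkt[5:])}


def nak_desired_types(pkt):
    """Types a peer asks for in a Legacy Nak; this is what the Mac's ppp log shows as 'type 13'."""
    p = decode_eap(pkt)
    if p["code"] != EAP_RESPONSE or p["type"] != TYPE_NAK:
        return []
    return list(p["data"])


def negotiate(server_methods, peer_methods):
    """Simplified authenticator (assumption, not NPS's real logic):
    propose the preferred method; on a Nak, switch to the first method the peer lists
    that the server also supports; if there is none, send EAP-Failure.
    Returns (agreed type or None, transcript of the exchange)."""
    transcript = []
    ident = 1
    offered = server_methods[0]
    while True:
        req = decode_eap(encode_eap(EAP_REQUEST, ident, offered))
        transcript.append(f"server->peer Request id={ident} {TYPE_NAMES.get(req['type'], req['type'])}")
        if offered in peer_methods:
            transcript.append(f"peer->server Response id={ident} {TYPE_NAMES[offered]} (method starts)")
            return offered, transcript
        nak = encode_eap(EAP_RESPONSE, ident, TYPE_NAK, bytes(peer_methods))
        wanted = nak_desired_types(nak)
        transcript.append(f"peer->server Response id={ident} Nak, wants {[TYPE_NAMES.get(t, t) for t in wanted]}")
        ident += 1
        common = [t for t in wanted if t in server_methods]
        if not common:
            # This is the point the question describes: NPS logs 'unsupported EAP type'.
            transcript.append(f"server->peer Failure id={ident}")
            return None, transcript
        offered = common[0]


if __name__ == "__main__":
    # Constructed scenario from the question: NPS offers PEAP then EAP-MSCHAPv2, Mac only wants EAP-TLS.
    agreed, log = negotiate([TYPE_PEAP, TYPE_MSCHAPV2], [TYPE_TLS])
    print("\n".join(log), "\nagreed:", agreed)
    # Constructed counterexample: a server that also offers EAP-TLS reaches agreement on the second round.
    agreed, log = negotiate([TYPE_PEAP, TYPE_TLS], [TYPE_TLS])
    print("\n".join(log), "\nagreed:", agreed)
```

The first scenario ends in EAP-Failure after a single Nak, matching the "unsupported EAP type" event on the NPS side; the second shows what the exchange looks like when the server's method list contains the type the peer asks for. The `decode_eap` length check is the kind of validation any EAP parser on the server side should do before trusting the Type-Data field.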