I'm trying to allow Windows and Android clients to connect through a VPN to a Windows Server 2012 Essentials machine. The VPN works fine over SSTP, but for performance reasons, I want to move to IKEv2.
IKEv2 works on a Windows 7 client, but on Windows 8 clients and the Android strongSwan client, the server responds with Error 13819: Invalid certificate type. I've copied the VPN connection from the Windows 7 client over to a Windows 8 client, to make sure the connections are identical, but no joy.
The server's certificate has the Server Authentication and IKE intermediate EKUs specified. Although I thought it might be a error in how the server certificate is set up, I now suspect that this may turn out to be a client configuration problem, rather than a server configuration one.
As far as I can see, since I'm using EAP-MSCHAPv2 to authenticate clients, I shouldn't need any client authentication certificate on the clients, but I suspect that the server is somehow expecting one.
