<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div><span></span></div><div id="yui_3_16_0_ym19_1_1461910344745_3452" dir="ltr"><span style="font-size:12.0pt;mso-bidi-font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";mso-ascii-theme-font:minor-latin;mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;mso-bidi-font-family:"Times New Roman";mso-bidi-theme-font:minor-bidi;mso-ansi-language:EN-US;mso-fareast-language:EN-US;mso-bidi-language:AR-SA" id="yui_3_16_0_ym19_1_1461910344745_3458">Thank
you Tobias for your prompt response. The Gateway configuration for Android (strongSwan
VPN Client) setting "IKEv2 Certificate + EAP (Username/Password)". Thus
we need to configure rightauth2=eap-md5 which was missing. This configures a
second authentication round using EAP after doing a first round with
certificate authentication. With this, </span><span style="font-size:12.0pt;line-height:115%;font-family:"Calibri","sans-serif";mso-ascii-theme-font:minor-latin;mso-fareast-font-family:"Times New Roman";mso-hansi-theme-font:minor-latin;mso-bidi-theme-font:minor-latin;mso-ansi-language:EN-US;mso-fareast-language:EN-US;mso-bidi-language:AR-SA" id="yui_3_16_0_ym19_1_1461910344745_3459">VPN connection gets established. I think, it has
nothing to do with </span><span style="font-size:12.0pt;mso-bidi-font-size:11.0pt;line-height:115%;font-family:"Calibri","sans-serif";mso-ascii-theme-font:minor-latin;mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-hansi-theme-font:minor-latin;mso-bidi-font-family:"Times New Roman";mso-bidi-theme-font:minor-bidi;mso-ansi-language:EN-US;mso-fareast-language:EN-US;mso-bidi-language:AR-SA" id="yui_3_16_0_ym19_1_1461910344745_3460">constraints and eap-dynamic plugin. Please
correct me if I am wrong.</span><span><br></span></div> <div class="qtdSeparateBR"><br><br></div><div class="yahoo_quoted" style="display: block;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div dir="ltr"><font size="2" face="Arial"> On Thursday, April 28, 2016 10:04 PM, Tobias Brunner <tobias@strongswan.org> wrote:<br></font></div> <br><br> <div class="y_msg_container">Hi,<br clear="none"><br clear="none">> 12[CFG] constraint requires EAP_MD5, but EAP_NAK was used<br clear="none"><br clear="none">You configured rightauth=eap-md5 but your client did not authenticate<br clear="none">with EAP but with its certificate. Check the client configuration.<div class="yqt8044093971" id="yqtfd63855"><br clear="none"><br clear="none">Regards,</div><br clear="none">Tobias<div class="yqt8044093971" id="yqtfd77212"><br clear="none"><br clear="none"></div><br><br></div> </div> </div> </div></div></body></html>