<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">With that option, its asking for MSCHAPV2<div class=""><br class=""></div><div class="">CLIENT</div><div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[IKE] server requested EAP_IDENTITY (id 0x00), sending â€˜remote.user'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[NET] sending packet: from 192.168.1.31[54408] to x.x.x.x[4500] (112 bytes)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">11[NET] received packet: from x.x.x.x[4500] to 192.168.1.31[54408] (112 bytes)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">11[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">11[IKE] server requested EAP_MSCHAPV2 authentication (id 0xA8)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-family: Helvetica; font-size: 12px;" class="">SERVER</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Jun 12 13:43:19 13[IKE] received EAP identity â€˜remote.user'</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Jun 12 13:43:19 13[IKE] EAP_MSCHAPV2 method selected</span></div><div style="margin: 0px; font-stretch: normal; line-height: normal;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Jun 12 13:43:19 13[IKE] initiating EAP_MSCHAPV2 method (id 0xA8)</span></div></span></div><div class=""><div><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">On 12 Jun 2018, at 14:40, Tobias Brunner <<a href="mailto:tobias@strongswan.org" class="">tobias@strongswan.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hi Christian,<br class=""><br class=""><blockquote type="cite" class="">Ok, I changed my command line to now read<br class=""><br class="">sudo charon-cmd --host x.x.x.x --identity remote.user --p12 remote.user.p12<br class=""></blockquote><br class="">The server expects the client to authenticate with EAP, but the client<br class="">will not do that automatically if you configure a private<br class="">key/certificate (it then uses the profile ikev2-pub to use regular<br class="">pubkey authentication).  If you want to use EAP-TLS instead, add<br class="">--profile ikev2-eap to the command line.<br class=""><br class="">Regards,<br class="">Tobias<br class=""></div></div></blockquote></div><br class=""></div></div></body></html>