<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">You say on [1] that "The native iOS and OS X clients are known to work fine with multiple authentication rounds.", yet I have the server configured with multiple rounds using xauth but OSX is only requesting EAP<div class=""><br class=""></div><div class=""><pre style="background-color: rgb(255, 255, 255); font-family: Menlo; font-size: 9pt;" class=""><span style="background-color:#e7ffb3;" class="">connections {<br class=""></span><span style="background-color:#e7ffb3;" class=""> radius {<br class=""></span><span style="background-color:#e7ffb3;" class=""> version = 2<br class=""></span><span style="background-color:#e7ffb3;" class=""> send_cert = always<br class=""></span><span style="background-color:#e7ffb3;" class=""> encap = yes<br class=""></span><span style="background-color:#e7ffb3;" class=""> pools = pool1<br class=""></span><span style="background-color:#e7ffb3;" class=""> unique = replace<br class=""></span><span style="background-color:#e7ffb3;" class=""> proposals = aes256-sha256-prfsha256-ecp256-modp2048<br class=""></span><span style="background-color:#e7ffb3;" class=""> local {<br class=""></span><span style="background-color:#e7ffb3;" class=""> id = vpnserver<br class=""></span><span style="background-color:#e7ffb3;" class=""> certs = vpnserver.crt<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> remote {<br class=""></span><span style="background-color:#e7ffb3;" class=""> auth = xauth-radius:passandcode<br class=""></span><span style="background-color:#e7ffb3;" class=""> }</span><span style="background-color:#e7ffb3;" class=""><br class=""></span><span style="background-color:#e7ffb3;" class=""> children {<br class=""></span><span style="background-color:#e7ffb3;" class=""> net {<br class=""></span><span style="background-color:#e7ffb3;" class=""> local_ts = 172.31.0.0/16<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class="">}<br class=""></span></pre><div class=""><pre style="background-color: rgb(255, 255, 255); font-family: Menlo; font-size: 9pt;" class=""><span style="background-color:#e7ffb3;" class="">eap-radius {<br class=""></span><span style="background-color:#e7ffb3;" class=""> load = yes<br class=""></span><span style="background-color:#e7ffb3;" class=""> accounting = yes<br class=""></span><span style="background-color:#e7ffb3;" class=""> nas_identifier = vpn-pod1<br class=""></span><span style="background-color:#e7ffb3;" class=""> servers {<br class=""></span><span style="background-color:#e7ffb3;" class=""> primary {<br class=""></span><span style="background-color:#e7ffb3;" class=""> address = 172.31.19.90 # TODO: change to DNS<br class=""></span><span style="background-color:#e7ffb3;" class=""> secret = KFdHr0sgw$kOfFgh # /etc/freeradius/clients.conf<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> xauth {<br class=""></span><span style="background-color:#e7ffb3;" class=""> passandcode {<br class=""></span><span style="background-color:#e7ffb3;" class=""> password = Please enter your Password:<br class=""></span><span style="background-color:#e7ffb3;" class=""> passcode = Please enter current authenticator token code:<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class=""> }<br class=""></span><span style="background-color:#e7ffb3;" class="">}</span></pre><div class=""><br class=""></div></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[CFG] selected peer config 'radius'</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[IKE] peer requested EAP, config inacceptable</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[CFG] no alternative config found</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[IKE] peer supports MOBIKE</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">10[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]</span></div></div><br class=""><br class=""><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">[1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Arbitrary-RADIUS-attribute-forwarding" class="">https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius#Arbitrary-RADIUS-attribute-forwarding</a></div><div class=""><br class=""></div></div></body></html>