[strongSwan] strongswan network manager client using eap-radius

Claude Tompers claude.tompers at restena.lu
Thu Jun 3 09:50:10 CEST 2010


Hi Martin,

On Thursday 03 June 2010 09:26:56 you wrote:
> Hi Clause,
> 
> > Jun  3 08:21:38 vpn6-test charon: 10[IKE] received EAP_NAK, sending EAP_FAILURE
> 
> Seems that the client does not like the EAP method offered. I assume
> you're using MSCHAPv2, so double check that the client has the
> eap-mschapv2 and the eap-identity modules installed and loaded.

I changed the configuration in freeradius as well as in Windows 7 (easier to configure anyway ;) ).
Now I get the same error for both Windows 7 and Ubuntu :

Jun  3 09:47:02 vpn6-test charon: 02[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Jun  3 09:47:02 vpn6-test charon: 02[IKE] received EAP identity 'ctompers'
Jun  3 09:47:02 vpn6-test charon: 02[IKE] initiating EAP_RADIUS method
Jun  3 09:47:02 vpn6-test charon: 02[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Jun  3 09:47:02 vpn6-test charon: 02[NET] sending packet: from 192.168.1.13[4500] to 192.168.3.19[4500]
Jun  3 09:47:03 vpn6-test charon: 12[NET] received packet: from 192.168.3.19[4500] to 192.168.1.13[4500]
Jun  3 09:47:03 vpn6-test charon: 12[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Jun  3 09:47:03 vpn6-test charon: 12[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Jun  3 09:47:03 vpn6-test charon: 12[NET] sending packet: from 192.168.1.13[4500] to 192.168.3.19[4500]
Jun  3 09:47:03 vpn6-test charon: 16[NET] received packet: from 192.168.3.19[4500] to 192.168.1.13[4500]
Jun  3 09:47:03 vpn6-test charon: 16[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
Jun  3 09:47:03 vpn6-test charon: 16[IKE] EAP method EAP_MSCHAPV2 succeeded, no MSK established
Jun  3 09:47:03 vpn6-test charon: 16[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]
Jun  3 09:47:03 vpn6-test charon: 16[NET] sending packet: from 192.168.1.13[4500] to 192.168.3.19[4500]
Jun  3 09:47:03 vpn6-test charon: 14[NET] received packet: from 192.168.3.19[4500] to 192.168.1.13[4500]
Jun  3 09:47:03 vpn6-test charon: 14[ENC] parsed IKE_AUTH request 5 [ AUTH ]
Jun  3 09:47:03 vpn6-test charon: 14[IKE] verification of AUTH payload without EAP MSK failed
Jun  3 09:47:03 vpn6-test charon: 14[ENC] generating IKE_AUTH response 5 [ N(AUTH_FAILED) ]
Jun  3 09:47:03 vpn6-test charon: 14[NET] sending packet: from 192.168.1.13[4500] to 192.168.3.19[4500]

The strongswan server configuration is still the same.

thanks very much

kind regards
Claude

> 
> For more information about the client error, have a look
> at /var/log/daemon.log.
> 
> Regards
> Martin
> 
> 

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100603/bc120cfc/attachment.pgp>


More information about the Users mailing list