[strongSwan] strongswan network manager client using eap-radius
Martin Willi
martin at strongswan.org
Thu Jun 3 10:08:48 CEST 2010
> 16[IKE] EAP method EAP_MSCHAPV2 succeeded, no MSK established
>
> 14[IKE] verification of AUTH payload without EAP MSK failed
Then I'd assume you are using FreeRADIUS :-).
It does not include the MSK in MSCHAPv2 if used over EAP. IKEv2 however
requires the MSK to calculate the AUTH payload.
In its current form, you can't use FreeRADIUS for your setup, my
apologies. One could extend FreeRADIUS to copy over the MPPE keys, but
writing such a patch is not something I can do in a few minutes.
Regards
Martin
More information about the Users
mailing list