[strongSwan] strongswan network manager client using eap-radius

Martin Willi martin at strongswan.org
Thu Jun 3 10:08:48 CEST 2010

> 16[IKE] EAP method EAP_MSCHAPV2 succeeded, no MSK established
> 14[IKE] verification of AUTH payload without EAP MSK failed

Then I'd assume you are using FreeRADIUS :-).

It does not include the MSK in MSCHAPv2 if used over EAP. IKEv2 however
requires the MSK to calculate the AUTH payload.

In its current form, you can't use FreeRADIUS for your setup, my
apologies. One could extend FreeRADIUS to copy over the MPPE keys, but
writing such a patch is not something I can do in a few minutes.


More information about the Users mailing list