[strongSwan] strongswan network manager client using eap-radius

Claude Tompers claude.tompers at restena.lu
Mon Jun 7 09:52:58 CEST 2010


Hi,

There is a patch for freeradius 2.1.9 that makes it work.
It now works fine for me with Win7 and Ubuntu NM-plugin.
The patch is planned to be included in version 2.1.10.

kind regards,
Claude


On Thursday 03 June 2010 10:08:48 Martin Willi wrote:
> 
> > 16[IKE] EAP method EAP_MSCHAPV2 succeeded, no MSK established
> > 
> > 14[IKE] verification of AUTH payload without EAP MSK failed
> 
> Then I'd assume you are using FreeRADIUS :-).
> 
> It does not include the MSK in MSCHAPv2 if used over EAP. IKEv2 however
> requires the MSK to calculate the AUTH payload.
> 
> In its current form, you can't use FreeRADIUS for your setup, my
> apologies. One could extend FreeRADIUS to copy over the MPPE keys, but
> writing such a patch is not something I can do in a few minutes.
> 
> Regards
> Martin
> 
> 

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100607/4bf19352/attachment.pgp>


More information about the Users mailing list