[strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2 (Username and password)
Martin Willi
martin at strongswan.org
Fri May 7 13:44:24 CEST 2010
Hi again,
> the response is just a little bit below:
A yes, haven't seen the first authentication round in the log.
> Why does strongSwan not reply with IKE AUTH [Idr AUTH CERT EAP REQ/ID]
> leftsendcert=never
Looks suspicious ;-). The example configuration uses
rightsendcert=never, which actually says to not request a certificate
from the client. leftsendcert=never will not include our own
certificate, for example if a client already has the peer certificate of
the gateway. But Windows 7 always expects a certificate payload to
authenticate the gateway.
Regards
Martin
More information about the Users
mailing list