[strongSwan] Strongswan+RADIUS secret code problem?

Julian Poschmann julian.poschmann at rwth-aachen.de
Fri Oct 28 17:10:36 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have similar setup, here two caveeats I had:

1) Windows 7 was not happy with the eap-type the radius server
suggested and quit with error 13801. I had to set "default_eap_type =
mschapv2" in eap.conf. I think Windows 7 only supports eap-mschapv2
for it's ikev2 client. Maybe there is a more elegant way than changing
the default eap type. I haven't looked further into it.

2) There have been license issue with openssl in freedradius under
debian/ubuntu resulting in the repo version being compiled with very
limited functionality. Although it shouldn't have an impact on
eap-mschapv2 (I think), maybe it's worth a try compiling freefradius
yourself.

Regards,
  Julian

Am 28.10.2011 06:37, schrieb T Z:
> Hi all,
> 
> I'm using Strongswan 4.5.2 (from Debian squeeze-backports) and 
> Freeradius 2.1.0 (from Debian stable) to construct an IKEv2 VPN for
> my clients. It seems that Strongswan is connected with Freeradius,
> but client connection just fails. Testing with Windows 7 IKEv2
> client, it prompts "Error 13801: IKE authentication credentials are
> unacceptable."

- -- 
Julian Poschmann
Josefstr. 126
52080 Aachen-Eilendorf

Telefon: +49 170 3295135
E-Mail: julian.poschmannn at rwth-aachen.de
PGP-ID: 0x7D51DD8B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iEYEARECAAYFAk6qxewACgkQJmSm8H1R3YtLhwCfWyuSXztlTxVFRfOMhLYgW4cz
sjgAn31r+lBORw7Z3P38ZWNn2gtFtoAh
=Vytf
-----END PGP SIGNATURE-----




More information about the Users mailing list