[strongSwan] eap-mschapv2 is just working with one Windows 7

Hamid Zamani if.else.fi at gmail.com
Mon Aug 27 10:31:35 CEST 2012 

Hello ,

I've configured a debian os with strongswan 5.0.0 and anything is good so i
can connect to that with my pc (windows 7-64bit)
but there is no way to connect to server with other PCs and windows ...

and the common error is :  " ike authentication credentials are
unacceptable"

and the daemon.log says me :

Aug 27 04:28:15 HAMID charon: 15[NET] received packet: from
xxx.xxx.xxx.xxx[956] to yyy.yyy.yyy.yyy[500]
Aug 27 04:28:15  HAMID  charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) ]
Aug 27 04:28:15  HAMID  charon: 15[IKE]  xxx.xxx.xxx.xxx[  is initiating an
IKE_SA
Aug 27 04:28:15  HAMID  charon: 15[IKE] remote host is behind NAT
Aug 27 04:28:15  HAMID  charon: 15[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Aug 27 04:28:15  HAMID  charon: 15[NET] sending packet: from
yyy.yyy.yyy.yyy [500] to  xxx.xxx.xxx.xxx [956]
Aug 27 04:28:16  HAMID  charon: 03[NET] received packet: from
xxx.xxx.xxx.xxx [53196] to  yyy.yyy.yyy.yyy [4500]
Aug 27 04:28:16  HAMID  charon: 03[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CP(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Aug 27 04:28:16  HAMID  charon: 03[IKE] received cert request for "C=..."
Aug 27 04:28:16  HAMID  charon: 03[IKE] received 11 cert requests for an
unknown ca
Aug 27 04:28:16  HAMID  charon: 03[CFG] looking for peer configs matching
yyy.yyy.yyy.yyy [%any]... xxx.xxx.xxx.xxx [192.168.245.132]
Aug 27 04:28:16  HAMID  charon: 03[CFG] selected peer config 'rw-eap'
Aug 27 04:28:16  HAMID  charon: 03[IKE] initiating EAP_IDENTITY method (id
0x00)
Aug 27 04:28:16  HAMID  charon: 03[IKE] peer supports MOBIKE
Aug 27 04:28:16  HAMID  charon: 03[IKE] authentication of 'C=...' (myself)
with RSA signature successful
Aug 27 04:28:16  HAMID  charon: 03[IKE] sending end entity cert "C=..."
Aug 27 04:28:16  HAMID  charon: 03[ENC] generating IKE_AUTH response 1 [
IDr CERT AUTH EAP/REQ/ID ]
Aug 27 04:28:16  HAMID  charon: 03[NET] sending packet: from
yyy.yyy.yyy.yyy [4500] to  xxx.xxx.xxx.xxx [53196]

what is the exac problem you think ?

i sould also append that it is also happenning with ikev2(rsasig) .

Thank you so much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120827/e6234d65/attachment.html>

More information about the Users mailing list