[strongSwan] loading EAP_MSCHAPV2 method failed?
Huang, Zhenxing
huang.zhenxing at eco-schulte.cn
Sat Dec 21 13:24:46 CET 2013
Hello:
I am
INSTALL
./configure …… - --enable-eap-identity --enable-eap-mschapv2 --enable-eap-peap --enable-eap-radius …….. && make && make instll
Strongswan.conf:
Charon{
Load = …….. eap-identity eap-mschapv2 eap-radius eap-peap ……..
………
}
Ipsec.conf:
.rightauth=eap-peap
LOG:
Dec 20 22:06:12 gateway charon: 13[CFG] received stroke: delete connection 'rw-EAP-MSchapv2'
Dec 20 22:06:12 gateway charon: 13[CFG] deleted connection 'rw-EAP-MSchapv2'
Dec 20 22:06:12 gateway charon: 15[CFG] received stroke: add connection 'rw-eap'
Dec 20 22:06:12 gateway charon: 15[CFG] loaded certificate "C=CN, O=eco-schulte, CN=gw-a.***.cn" from 'gw-aCert.pem'
Dec 20 22:06:12 gateway charon: 15[CFG] added configuration 'rw-eap'
Dec 20 22:06:45 gateway charon: 05[NET] received packet: from 183.*.*.*[500] to 59.*.*.*[500] (792 bytes)
Dec 20 22:06:45 gateway charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Dec 20 22:06:45 gateway charon: 05[IKE] 183.*.*.* is initiating an IKE_SA
Dec 20 22:06:45 gateway charon: 05[IKE] remote host is behind NAT
Dec 20 22:06:45 gateway charon: 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Dec 20 22:06:45 gateway charon: 05[NET] sending packet: from 59.*.*.*[500] to 183.*.*.*[500] (308 bytes)
Dec 20 22:06:45 gateway charon: 06[NET] received packet: from 183.*.*.*[4500] to 59.*.*.*[4500] (724 bytes)
Dec 20 22:06:45 gateway charon: 06[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CP(ADDR DNS NBNS SRV) SA TSi TSr ]
Dec 20 22:06:45 gateway charon: 06[IKE] received cert request for "C=CN, O=***, CN=*** ca"
Dec 20 22:06:45 gateway charon: 06[IKE] received 20 cert requests for an unknown ca
Dec 20 22:06:45 gateway charon: 06[CFG] looking for peer configs matching 59.*.*.*[%any]...183.*.*.*[192.168.1.3]
Dec 20 22:06:45 gateway charon: 06[CFG] selected peer config 'rw-eap'
Dec 20 22:06:45 gateway charon: 06[IKE] initiating EAP_IDENTITY method (id 0x00)
Dec 20 22:06:45 gateway charon: 06[IKE] peer supports MOBIKE
Dec 20 22:06:45 gateway charon: 06[IKE] authentication of 'gw-a.***.cn' (myself) with RSA signature successful
Dec 20 22:06:45 gateway charon: 06[IKE] sending end entity cert "C=CN, O=eco-schulte, CN=gw-a.***.cn"
Dec 20 22:06:45 gateway charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 20 22:06:45 gateway charon: 06[NET] sending packet: from 59.*.*.*[4500] to 183.*.*.*[4500] (1220 bytes)
Dec 20 22:06:45 gateway charon: 07[NET] received packet: from 183.*.*.*[4500] to 59.*.*.*[4500] (68 bytes)
Dec 20 22:06:45 gateway charon: 07[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Dec 20 22:06:45 gateway charon: 07[IKE] received EAP identity 'peer'
Dec 20 22:06:45 gateway charon: 07[IKE] loading EAP_MSCHAPV2 method failed
Dec 20 22:06:45 gateway charon: 07[ENC] generating IKE_AUTH response 2 [ EAP/FAIL ]
Dec 20 22:06:45 gateway charon: 07[NET] sending packet: from 59.*.*.*[4500] to 183.*.*.*[4500] (68 bytes)
If
Ipsec.conf:
rightauth=eap-radius
else:
LOG:
oading EAP_RADIUS method failed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131221/4e7c9c33/attachment.html>
More information about the Users
mailing list