[strongSwan] XAuth-EAP method backend not supported: radius

WorkingMan signup_mail2002 at yahoo.com
Mon Oct 21 19:50:52 CEST 2013


My setup works without RADIUS but once I add rightauth2=xauth-eap I get an 
error which result in user authentication failure.

ipsec.conf:
        keyexchange=ikev1
        authby=xauthrsasig
        rightauth=pubkey
        rightauth2=xauth-eap
        leftauth=pubkey

strongswan.conf

  plugins {
       eap-radius {
           accounting = yes
              servers {
                    rad1 {
                        address = <radius ip>
                        secret = <pswd>
                    }
              }
       }
}

logs says:

"XAuth-EAP method backend not supported: radius"

I read: http://wiki.strongswan.org/issues/307 but everything seems to be 
setup correctly. That error message comes from xauth_eap.c from "process" 
method, and when charon->eap->create_instance returns NULL. 

listplugins shows that I have the required plugins enabled:

eap-radius:
    EAP_SERVER:RAD
        CUSTOM:eap-radius
    XAUTH_SERVER:radius
        CUSTOM:eap-radius
    CUSTOM:eap-radius
        HASHER:HASH_MD5
        SIGNER:HMAC_MD5_128
        RNG:RNG_WEAK


xauth-eap:
    XAUTH_SERVER:eap

I am not sure where the issue is. On my local VMWare image where everything 
is install on the same box, strongswan/freeradius, I don't have this issue. 
I did some test with my VM. If radius's IP is not reachable or freeradius 
server is not running it will say "RADIUS server not responding". So we can 
rule out this scenario. It's almost telling me immediately something is 
wrong (no retry logic at all). Both uses v5.1 (built from source).


Thanks, in advance.





More information about the Users mailing list