[strongSwan] Strongswan Android client could not log in (VPN otherwise working for Win7)
Tobias Brunner
tobias at strongswan.org
Mon Sep 23 11:37:12 CEST 2013
Hi Lawrence,
> barney etc # grep eap /etc/ipsec.conf
> rightauth=eap-mschapv2
> eap_identity=%any
When you select "IKEv2 Certificate + EAP" on the client what you
actually want on the server is:
leftauth=pubkey
rightauth=pubkey
rightauth2=eap-mschapv2
eap_identity=%any
That is, there are two authentication rounds, the first authenticates
the client (and server) with certificates the second authenticates the
client with EAP. The example config on the wiki corresponds to the
"IKEv2 EAP" setting in the app, which still authenticates the server
with certificates but the client only with EAP.
Regards,
Tobias
More information about the Users
mailing list