[strongSwan] Anyone got strongSwan working with Aruba Networks (as a Aruba VIA client)?
Martin Willi
martin at strongswan.org
Mon Apr 14 11:50:57 CEST 2014
Hi Jerry,
> For rw-cert this is the configuration and log I used:
> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> received AUTHENTICATION_FAILED notify error
The peer rejects authentication, but we can't see why on this end. Maybe
the Aruba peer has more information about this failure in its log?
> For rw-eap-tls-* this is the configuration and log I used:
> server requested EAP_IDENTITY (id 0x00), sending 'user at domain'
> generating IKE_AUTH request 2 [ EAP/RES/ID ]
> sending packet: from 192.168.1.67[4500] to <VPN IP>[4500]
> received packet: from <VPN IP>[4500] to 192.168.1.67[4500]
> parsed IKE_AUTH response 2 [ EAP/REQ/TLS ]
> server requested EAP_TLS authentication (id 0x01)
> generating IKE_AUTH request 3 [ EAP/RES/TLS ]
> sending packet: from 192.168.1.67[4500] to <VPN IP>[4500]
> retransmit 1 of request with message ID 3
> sending packet: from 192.168.1.67[4500] to <VPN IP>[4500]
> retransmit 2 of request with message ID 3
> sending packet: from 192.168.1.67[4500] to <VPN IP>[4500]
Seems that the peer does not respond to the EAP-TLS message. Again, the
Aruba log might have information why it doesn't continue.
Regards
Martin
More information about the Users
mailing list