[strongSwan] Error with EAP-PEAP connection

Martin Willi martin at strongswan.org
Wed May 14 09:49:23 CEST 2014


> constraint requires EAP_PEAP, but EAP_NAK was used
> selected peer config 'rw-ikev2-eap' inacceptable: constraint checking failed

> rightauth=eap-peap

When using mutual EAP-only authentication in IKEv2, setting an EAP type
constraint on the responder won't work. The (mutual) EAP method is given
by the client side authentication method. On the initiator, you can set


What is your intention when using PEAP/MSCHAPv2 in IKEv2? Unless you
need compatibility with an existing system, this is way more complicated
than needed. Traditional IKEv2 certificate authentication together with
an optional (inner) EAP method is usually much simpler.

