[strongSwan] Error with EAP-PEAP connection
Martin Willi
martin at strongswan.org
Wed May 14 09:49:23 CEST 2014
Ygor,
> constraint requires EAP_PEAP, but EAP_NAK was used
> selected peer config 'rw-ikev2-eap' inacceptable: constraint checking failed
> rightauth=eap-peap
When using mutual EAP-only authentication in IKEv2, setting a EAP type
constraint on the responder won't work. The (mutual) EAP method is given
by the client side authentication method. On the initiator, you can set
leftauth=eap-peap
rightauth=eap
What is your intention when using PEAP/MSCHAPv2 in IKEv2? Unless you
need compatibility to an existing system, this is way more complicated
than needed. Traditional IKEv2 certificate authentication together with
an optional (inner) EAP method is usually much simpler.
Regards
Martin
More information about the Users
mailing list