[strongSwan] Error with EAP-PEAP connection
Ygor Amadeo Sartori Regados
ygor.regados at yahoo.com.br
Thu May 15 03:48:46 CEST 2014
I changed my setup to your suggestion and it worked at last, but I needed to copy the server certificate DN as rightid or the server refused connection due to not finding a matching setup.
Is it possible to do that automatically with a server-provided certificate?
If it helps, there is also an IKEv1 Mutual PSK/XAuth setup for compatibility with Windows clients (Shrew Soft VPN) on the server.
Best regards,
Ygor
On Wed, 14 May 2014 09:49:23 +0200
Martin Willi <martin at strongswan.org> wrote:
> Ygor,
>
> > constraint requires EAP_PEAP, but EAP_NAK was used
> > selected peer config 'rw-ikev2-eap' inacceptable: constraint
> > checking failed
>
> > rightauth=eap-peap
>
> When using mutual EAP-only authentication in IKEv2, setting an EAP type
> constraint on the responder won't work. The (mutual) EAP method is
> given by the client side authentication method. On the initiator, you
> can set
>
> leftauth=eap-peap
> rightauth=eap
>
> What is your intention when using PEAP/MSCHAPv2 in IKEv2? Unless you
> need compatibility with an existing system, this is way more complicated
> than needed. Traditional IKEv2 certificate authentication together
> with an optional (inner) EAP method is usually much simpler.
>
> Regards
> Martin
>