[strongSwan] WG: unable to connect via Ubuntu 12.04 / strongswan-nm / eap-radius

Martin Willi martin at strongswan.org
Mon May 19 17:15:32 CEST 2014


Hi,

> For me it looks like that the TLS connection to the radius server is
> not working as expected.

> 11[CFG] sending RADIUS Access-Request to server '[here DNS Name RADIUS]'
> 11[CFG] received RADIUS Access-Reject from server '[here DNS Name RADIUS]'
> 11[IKE] RADIUS authentication of '[DOMAIN\username]' failed
> 11[IKE] EAP method EAP_PEAP failed for peer [DOMAIN\username]
> charon: 11[ENC] generating IKE_AUTH response 6 [ EAP/FAIL ]

There is nothing wrong on your Gateway; it just forwards EAP
authentication between clients and your AAA. You should take a look at
your client and the terminating RADIUS server log.

The problem probably is that your AAA is proposing PEAP. On NM, you can
configure a single server certificate only. Is the AAA PEAP certificate
the same that you use to authenticate the gateway? Does your AAA expect
a client certificate to do mutual PEAP authentication before running the
inner EAP method?

Regards
Martin



More information about the Users mailing list