[strongSwan] eap-md5: constraint requires public key authentication, but EAP was used
tobias at strongswan.org
Wed Feb 11 17:00:15 CET 2015
> no. the problem was that in the destict TNC documentation
> https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect and
> the links in this site there is no mentioning switching off
> multiple_authentication in charon.conf:
> multiple_authentication = no
> It is included in the documention web sites you mentioned. But searching for
> "strongswan tnc" give the above mentioned website on top.
As Andreas wrote at  too, that option does not have to be disabled
for TNC or mutual EAP to work. In fact, the ikev2/rw-eap-ttls-only
scenario mentioned by Martin completes just fine without disabling
multiple authentication rounds. If you have proof otherwise, please
extend the bug report you opened.
More information about the Users