[strongSwan] eap-md5: constraint requires public key authentication, but EAP was used
Tobias Brunner
tobias at strongswan.org
Wed Feb 11 17:00:15 CET 2015
Hi Michael,
> no. the problem was that in the destict TNC documentation
>
> https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect and
> the links in this site there is no mentioning switching off
> multiple_authentication in charon.conf:
>
> multiple_authentication = no
>
> It is included in the documention web sites you mentioned. But searching for
> "strongswan tnc" give the above mentioned website on top.
As Andreas wrote at [1] too, that option does not have to be disabled
for TNC or mutual EAP to work. In fact, the ikev2/rw-eap-ttls-only
scenario mentioned by Martin completes just fine without disabling
multiple authentication rounds. If you have proof otherwise, please
extend the bug report you opened.
Regards,
Tobias
[1] https://wiki.strongswan.org/issues/822
More information about the Users
mailing list