[strongSwan] Cannot get eap-radius working on Strongswan 5

Martin Willi martin at strongswan.org
Fri Feb 20 15:02:52 CET 2015


Hi Milen,

> 07[IKE] initiating EAP_IDENTITY method (id 0x00)
> 07[IKE] peer supports MOBIKE
> 07[IKE] authentication of '[...]' (myself) with RSA signature successful
> 07[IKE] sending end entity cert "[...]"
> 07[ENC] generating IKE_AUTH response 1 [IDr CERT AUTH EAP/REQ/ID ]
> 07[NET] sending packet: from 5.6.7.8[4500] to 1.2.3.4[4500] (1380 bytes)
> 08[JOB] deleting half open IKE_SA after timeout

The client requests EAP authentication, and your Gateway correctly sends
an EAP-Identity request along with a signature and certificate to
authentication itself to the client. The client, however, never
continues negotiation. Most likely it didn't accept the AUTH signature
or the corresponding certificate.

You may check your clients log for any error, most likely the gateway
certificate is not trusted on the client. I don't think this issue is
directly related to RADIUS authentication, your AAA is not yet involved
at this stage.

Regards
Martin 



More information about the Users mailing list