[strongSwan] eap-md5: constraint requires public key authentication, but EAP was used
Martin Willi
martin at strongswan.org
Fri Jan 16 11:32:36 CET 2015
Hi,
> constraint requires public key authentication, but EAP was used
> selected peer config 'test' inacceptable: constraint checking failed
>
> On the server side I have:
> leftauth=eap-ttls
> rightauth=eap-ttls
> and on the client side I have:
> leftauth=eap
If you want to skip IKE public key responder authentication by relying
on mutual EAP-TTLS (with inner EAP-MD5), you'll have to allow that on
the client side. You can do that for example by setting rightauth=any on
the client, as seen in [1].
Regards
Martin
[1]https://www.strongswan.org/uml/testresults/ikev2/rw-eap-ttls-only/index.html
More information about the Users
mailing list