[strongSwan] eap-md5: constraint requires public key authentication, but EAP was used
Michael Schwartzkopff
ms at sys4.de
Fri Jan 16 11:59:30 CET 2015
Am Freitag, 16. Januar 2015, 11:32:36 schrieb Martin Willi:
> Hi,
>
> > constraint requires public key authentication, but EAP was used
> > selected peer config 'test' inacceptable: constraint checking failed
> >
> > On the server side I have:
> > leftauth=eap-ttls
> > rightauth=eap-ttls
> >
> > and on the client side I have:
> > leftauth=eap
>
> If you want to skip IKE public key responder authentication by relying
> on mutual EAP-TTLS (with inner EAP-MD5), you'll have to allow that on
> the client side. You can do that for example by setting rightauth=any on
> the client, as seen in [1].
Hi,
no. the problem was that in the destict TNC documentation
https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect and
the links in this site there is no mentioning switching off
multiple_authentication in charon.conf:
multiple_authentication = no
It is included in the documention web sites you mentioned. But searching for
"strongswan tnc" give the above mentioned website on top.
Mit freundlichen Grüßen,
Michael Schwartzkopff
--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
Franziskanerstraße 15, 81669 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the Users
mailing list