[strongSwan] Failing to login due to constraint check failed
Martin Willi
martin at strongswan.org
Wed May 27 15:28:33 CEST 2015
Hi,
> What I don't understand is why it is failing on EAP identity when I clearly
> defined 'eap_identity=%any'
> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N)
> authentication of '%any' with pre-shared key
> constraint check failed: EAP identity '%any' required
Your client does not initiate EAP, but authenticates with a pre-shared
key. It does not provide an EAP-Identity matching "%any", as no
EAP-Identity is exchanged at all.
If you want to do EAP-MSCHAPv2 with iOS IKEv2, set ExtendedAuthEnabled,
see [1].
Regards
Martin
[1]https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile
More information about the Users
mailing list