[strongSwan] Failing to login due to constraint check failed
Martin Willi
martin at strongswan.org
Thu May 28 08:35:08 CEST 2015
> why it wasn't sending identity before but does sent it now?
The client now offers EAP authentication by omitting the AUTH payload in
the first IKE_AUTH exchange. This allows the server to trigger the
EAP-Identity exchange, followed by EAP-MSCHAPv2.
> and why does authentication fail?
The client rejects the EAP-MSCHAPv2 method with EAP-NAK. It is
configured to use something else or does not support it. AFAIK iOS
supports EAP-MSCHAPv2, so most likely this is a client configuration
issue.
Regards
Martin
More information about the Users
mailing list