[strongSwan] EAP-MD5 failed with "inacceptable: constraint checking failed"
Yuko Katori
k10lie.gm at gmail.com
Mon Oct 12 18:29:44 CEST 2015
Hi,
I'm trying to set up EAP-MD5 with FreeRADIUS (3.0.10).
The server sends a Challenge to this strongSwan (5.3.3), but
strongSwan is throwing the following error.
# I don't use a cert here.
I'm not sure about "selected peer config 'xxx' inacceptable:
constraint checking failed".
It doesn't seem to be correct to configure "rightauth=psk" and
"leftauth=eap" instead, either. <<< Just only configured.
Excuse me, is there any misconfiguration?
---
Oct 13 01:19:48 test charon: 04[IKE] authentication of '11.33.116.1' with pre-shared key successful
Oct 13 01:19:48 test charon: 04[CFG] constraint requires public key authentication, but pre-shared key was used
Oct 13 01:19:48 test charon: 04[CFG] selected peer config 'eap-md5-rsa' inacceptable: constraint checking failed
Oct 13 01:19:48 test charon: 04[CFG] no alternative config found
Oct 13 01:19:48 test charon: 04[ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
Oct 13 01:19:48 test charon: 04[NET] sending packet: from 9.17.196.10[500] to 11.33.116.1[500] (76 bytes)
Oct 13 01:19:48 test charon: 04[IKE] IKE_SA eap-md5-rsa[1] state change: CONNECTING => DESTROYING
root@test:/usr/local/etc# cat ipsec.conf
config setup
    charondebug="ike 4, chd 4"

conn %default
    ikelifetime=180m
    keylife=90m
    keyexchange=ikev2
    ike = aes128-sha1-modp1024
    esp = aes128-sha1
    mobike = no
    reauth = no

conn eap-md5-rsa
    left=9.17.196.10
    leftsourceip=%config
    leftid=test1@xxx
    leftauth=eap-md5
    right=11.33.116.1
    rightsubnet=3.1.1.1/32
    rightauth=pubkey
    auto=add

root@test:/usr/local/etc# cat ipsec.secrets
test1@xxx : EAP "test"
Kind regards,
YK