[strongSwan] iOS and IKEv2/EAP-MSCHAPv2

Fred curious_freddy at gmsl.co.uk
Mon Apr 18 16:28:26 CEST 2016


I have an interesting situation with an iOS 9 device connecting to strongSwan 5.2.1 using username/password.

I get the following output in syslog ....

Apr 18 15:23:27 foobar charon: 03[IKE] authentication of 'boo.moo' (myself) with RSA signature successful
Apr 18 15:23:27 foobar charon: 03[IKE] sending end entity cert "C=CH, O=strongSwan, CN=boo.moo"
Apr 18 15:23:27 foobar charon: 03[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Apr 18 15:23:27 foobar charon: 03[NET] sending packet: from x.x.x.x[4500] to y.y.y.y[37407] (1504 bytes)
Apr 18 15:23:27 foobar charon: 04[NET] received packet: from y.y.y.y[37407] to x.x.x.x[4500] (80 bytes)
Apr 18 15:23:27 foobar charon: 04[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Apr 18 15:23:27 foobar charon: 04[IKE] received EAP identity 'user1'
Apr 18 15:23:27 foobar charon: 04[IKE] initiating EAP_MSCHAPV2 method (id 0xB3)
Apr 18 15:23:27 foobar charon: 04[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Apr 18 15:23:27 foobar charon: 04[NET] sending packet: from x.x.x.x[4500] to y.y.y.y[37407] (112 bytes)
Apr 18 15:23:27 foobar charon: 01[NET] received packet: from y.y.y.y[37407] to x.x.x.x[4500] (144 bytes)
Apr 18 15:23:27 foobar charon: 01[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Apr 18 15:23:27 foobar charon: 01[IKE] EAP-MS-CHAPv2 verification failed, retry (1)
Apr 18 15:23:29 foobar charon: 01[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Apr 18 15:23:29 foobar charon: 01[NET] sending packet: from x.x.x.x[4500] to y.y.y.y[37407] (128 bytes)


However, if I set the username and password to be the same (user1/user1), then the connection works. Obviously that's no good though. What could be causing this to fail?

Fred

