[strongSwan] EAP TTLS MSCHAPv2 authentication error : expected AVP_EAP_MESSAGE but received 462

Marwane L marwane.lechguer at gmail.com
Thu Apr 21 15:35:04 CEST 2016


Thanks for your reply!
I still haven't found a solution to the problem.
I'll keep you informed.

2016-04-19 15:33 GMT+02:00 Tobias Brunner <tobias at strongswan.org>:

> Hi Marwane,
>
> > Does it mean that strongswan's EAP TTLS plugin is only compatible with
> > radius attributes ?
>
> RFC 5281 (EAP-TTLSv0 [1]) only describes the encapsulation of EAP
> messages in 'EAP-Message' RADIUS AVPs.  Actually, the list of allowed
> AVPs is very specific (see section 13).  The 'EAP-Payload' Diameter AVP
> defined in RFC 4072 (released three years earlier [2]) is not mentioned
> at all.  And the registry for allowed AVPs was never extended later
> either [3].  So it seems what the Cisco ePDG is doing is not RFC compliant.
>
> Regards,
> Tobias
>
> [1] https://tools.ietf.org/html/rfc5281
> [2] https://tools.ietf.org/html/rfc4072
> [3] http://www.iana.org/assignments/eap-numbers/eap-numbers.xhtml#eap-numbers-10
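The distinction drawn in the quoted reply, as an added example that is not part of the thread and not strongSwan's code: a parser for one AVP in the layout RFC 5281 defines, accepting only the RADIUS EAP-Message code (79) and reporting the Diameter EAP-Payload code (462) from the subject line as unexpected. The function, type and sample names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AVP_EAP_MESSAGE 79u   /* RADIUS EAP-Message, allowed by RFC 5281 */
#define AVP_EAP_PAYLOAD 462u  /* Diameter EAP-Payload, RFC 4072 */
#define AVP_FLAG_VENDOR 0x80u /* V bit: a 4-octet Vendor-ID follows the length */

typedef enum { AVP_OK, AVP_TRUNCATED, AVP_BAD_LENGTH, AVP_UNEXPECTED_CODE } avp_status_t;
typedef struct {
    avp_status_t status;
    uint32_t code;        /* valid once the 8-octet header was readable */
    const uint8_t *data;  /* encapsulated EAP packet, only when AVP_OK */
    size_t data_len;
} avp_result_t;

/* Parse one AVP: 4-octet code, 1-octet flags, 3-octet length (header + data,
 * padding excluded), optional Vendor-ID, data. Only EAP-Message is accepted. */
avp_result_t parse_eap_avp(const uint8_t *buf, size_t len)
{
    avp_result_t r = { AVP_TRUNCATED, 0, NULL, 0 };
    if (len < 8) return r;
    r.code = (uint32_t)buf[0] << 24 | (uint32_t)buf[1] << 16 | (uint32_t)buf[2] << 8 | buf[3];
    size_t hdr = (buf[4] & AVP_FLAG_VENDOR) ? 12 : 8;
    size_t avp_len = (size_t)buf[5] << 16 | (size_t)buf[6] << 8 | buf[7];
    if (avp_len < hdr) { r.status = AVP_BAD_LENGTH; return r; }
    if (avp_len > len) return r;  /* claims more octets than were received */
    if (hdr != 8 || r.code != AVP_EAP_MESSAGE) { r.status = AVP_UNEXPECTED_CODE; return r; }
    r.status = AVP_OK;
    r.data = buf + hdr;
    r.data_len = avp_len - hdr;
    return r;
}

/* Constructed samples: the same 7-octet EAP-Response/Identity ("ab") wrapped
 * once as code 79 and once as code 462, M flag set, padded to 16 octets. */
static const uint8_t sample_radius[] = { 0,0,0,0x4F, 0x40, 0,0,15, 2,1,0,7,1,'a','b', 0 };
static const uint8_t sample_diameter[] = { 0,0,0x01,0xCE, 0x40, 0,0,15, 2,1,0,7,1,'a','b', 0 };

int main(void)
{
    avp_result_t a = parse_eap_avp(sample_radius, sizeof(sample_radius));
    avp_result_t b = parse_eap_avp(sample_diameter, sizeof(sample_diameter));
    printf("code %u -> status %d, EAP length %zu\n", (unsigned)a.code, (int)a.status, a.data_len);
    printf("code %u -> status %d (expected %u)\n", (unsigned)b.code, (int)b.status, AVP_EAP_MESSAGE);
    return 0;
}
```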