[strongSwan] Issue with establishing VPN connection with strongSwan VPN Client (google app) using IKEv2 EAP (Username/Password)

Tobias Brunner tobias at strongswan.org
Fri Apr 22 13:56:16 CEST 2016


> But when it sends the IKE_AUTH response to client, it gives the
> following error message in log i.e., “EAP-only authentication requires a
> mutual and MSK deriving EAP method, but EAP_MD5 is not” and sends
> INFORMATIONAL request 5 [ N(AUTH_FAILED) ] to server. As a result,
>         1)          The VPN Server deletes IKE_SA/CHILD_SA .
>         2)      The VPN Client fails to establish VPN with user
> authentication failed.
> Can anyone please suggest where it goes wrong or if I have missed
> anything ? Here go the Charon log, configuration used at both ends.
>         rightauth=eap-md5
>         rightsendcert=never
>          leftauth=eap-md5

Exactly as the error message tells you, you can't use leftauth=eap-md5
as server.  Use leftauth=pubkey instead.


More information about the Users mailing list