[strongSwan] Issue with establishing VPN connection with strongSwan VPN Client (google app) using IKEv2 EAP (Username/Password)
Tobias Brunner
tobias at strongswan.org
Fri Apr 22 13:56:16 CEST 2016
Hi,
> But when it sends the IKE_AUTH response to client, it gives the
> following error message in log i.e., “EAP-only authentication requires a
> mutual and MSK deriving EAP method, but EAP_MD5 is not” and sends
> INFORMATIONAL request 5 [ N(AUTH_FAILED) ] to server. As a result,
>
> 1) The VPN Server deletes IKE_SA/CHILD_SA .
> 2) The VPN Client fails to establish VPN with user
> authentication failed.
>
> Can anyone please suggest where it goes wrong or if I have missed
> anything ? Here go the Charon log, configuration used at both ends.
>
> rightauth=eap-md5
> rightsendcert=never
> leftauth=eap-md5
Exactly as the error message tells you, you can't use leftauth=eap-md5
as server. Use leftauth=pubkey instead.
Regards,
Tobias
More information about the Users
mailing list